skip navigation

More signal. Less noise.

Get a Backstage Pass to LookingGlass’ Digital Business Risk Roadshow

When it comes to digital business risk, you don’t want a general admission perspective. Get a backstage pass for the LookingGlass Digital Business Risk Roadshow to learn the industry-latest on effective third party risk management, taking a proactive security approach, and get a cybercriminal mastermind's insights on manipulating your organization’s cyber strengths and weaknesses. Come see us in a city near you. The next stop is Houston, TX!

Daily briefing.

Zscaler reports finding a campaign of malicious redirection from WordPress sites in the wild. Those responsible are exploiting a cross-site-scripting vulnerability in the platform's widely used WP Live Chat Support plugin.

As another database is found exposed online (this one a Chinese set of 45.2 million records culled from online dating sites, as CyberScoop and others report), Digital Shadows shares some glum perspective: the company thinks some 2.3 billion files are similarly exposed. Some are chickenfeed, others are "gold."

ESET is taking a close look at the Turla threat actor's latest capers, many involving Powershell exploits.

The International Committee of the Red Cross has released a study of the potential humanitarian costs of cyber operations. The report cites, as part of its motivation, the need to address the effect such incidents as WannaCry, NotPetya, and attacks on the Ukrainian grid have on delivery of essential goods and services to civilian populations. It also cites the increased willingness to conduct offensive cyber operations by countries other than Russia and North Korea. The ICRC's study is intended to inform the laws of armed conflict of how new cyber technologies might be constrained to ameliorate suffering from operations in this newly contested domain.

Baltimore thinks the ransomware attack on the city's systems will cost it around $18.2 million, when all is said and done, according to the Baltimore Sun. We're just spitballing here, but we guess it would have cost less to patch those systems two years ago (and even back them up).

Notes.

Today's issue includes events affecting Canada, China, Germany, Iran, Israel, Russia, Saudi Arabia, United Kingdom, United States.

Bring your own context.

NIST is thinking ahead about quantum computing and what it means for encryption standards.

"The main change with respect to the previous version is the recommended security strength for crypto algorithms. It used to be 80 bits. Now NIST recommends a security strength of at least 112 bits for applying crypto protection to data, whether it's for encrypting data or for signing data.... You know, the way we encrypt data, which relies on public key infrastructure, is based on the intractability of the integer factorization and the discrete log problems, and that intractability may no longer be valid when we have quantum computers. So NIST is prepping for that, as well as for the advancements of classical computing technology, by asking businesses and, you know, federal agencies to increase the key lengths of the algorithms they use today so that a security strength of at least 112 bits is used.... There may be more computational power used to encrypt data. Obviously, the data that has been encrypted already will continue to be decrypted with the existing algorithms with the existing keys. That presents some risk that organizations need to be aware of, but that's part of going through this transition."

—Malek Ben Salem, of Accenture Labs, on the CyberWire Daily Podcast, 5.28.19.

Read all about it in NIST SP 800-131A Rev. 2, "Transitioning the Use of Cryptographic Algorithms and Key Lengths." Be prepared to enter the quantum realm. (And no, it's not like what you saw in Ant Man.)

Get the In-Depth Guide to Operationalizing Threat Intelligence.

Threat intelligence is critical but often difficult to manage, automate, or operationalize. Threat Intelligence Gateways are an exciting, emerging network security technology that take the heavy lifting out of making threat intelligence actionable, operational, and useful. Learn about how this technology is turning threat intelligence into action to block threats at scale in the whitepaper, Operationalizing Threat Intelligence: An In-Depth Guide to Threat Intelligence Gateways.

In today's podcast, out later this afternoon, we speak with our partners at Cisco Talos, as Craig Williams offers his take on a critical Microsoft vulnerability, CVE-2019-0708, the vulnerability known as BlueKeep. Our guest is Matt Aldridge from Webroot; he talks us through the implications of San Francisco's ban on facial recognition.

And Hacking Humans is up. In this week's episode, "Be willing to admit you don't know everything," Dave reviews Google's recent security report on basic account hygiene. Joe describes passive social engineering, including USB charging stations at airports. The catch of the day exposes a trunk box scam involving ill-gotten war profits. Carole Theriault speaks with the head of a group that call themselves Scam Survivors.

National Cyber Summit Job Fair, June 5, Huntsville. (Huntsville, Alabama, United States, June 5, 2019) Cleared and non-cleared cybersecurity pros make your next career move at the free National Cyber Summit Job Fair, June 5 in Huntsville. Meet face-to-face with 22 leading cyber employers. Visit our site for more details.

Cyber Howard Conference (Columbia, Maryland, United States, June 19, 2019) Join us for our 10th annual cyber conference in Howard County. We will tackle the topic of Cyber Sensemaking which is a fluid and continuous approach for establishing better defenses and best practices as a cyber community.

Cyber Warrior Women Summer Social: Sip and Paint (Columbia, Maryland, United States, August 21, 2019) Join the Cybersecurity Association of Maryland, Inc. (CAMI) for the annual Cyber Warrior Women Summer Social, an all-about-fun-and-networking event! We're adding an artistic element to this year's event with a wine glass painting exercise. No previous art experience required.

Cyber Attacks, Threats, and Vulnerabilities

Malicious JavaScript injected into WordPress sites using the latest plugin vulnerability (Zscaler) Zscaler security researchers detected a campaign where attackers are compromising Wordpress websites and injecting malicious redirection script by exploiting the latest cross-site script (XSS) vulnerability in the popular WP Live Chat Support plugin.

Hackers actively exploit WordPress plugin flaw to send visitors to bad sites (Ars Technica) If you're seeing more malicious redirects than usual, now you know why.

Vulnerability in Realtek SDK Exposes Routers to Attacks (SecurityWeek) Realtek SDK vulnerability affects SOHO routers. Attacks have been tested on D-Link and Trendnet devices, but products from other vendors are likely vulnerable.

Chinese database exposes 42.5 million records compiled from multiple dating apps (CyberScoop) Tens of millions of records about users of different dating apps have been discovered in a single database that doesn’t include any password protection, according to new research findings.

Too Much Information: 2.3 Billion Files Exposed Across Online File Storage Technologies (Digital Shadows) There are now 750 million more files exposed than our Photon Research Team reported last year; not all of them are blatantly sensitive, but there is plenty of gold in these mountains.

Turla APT group beefs up cyber attack tool (ComputerWeekly.com) An advanced persistent threat cyber espionage group has improved its tools to attack diplomatic targets, making their activities more difficult to detect and block

A dive into Turla PowerShell usage (WeLiveSecurity) ESET researchers show how, in a bid to evade detection, the Turla group leverages PowerShell scripts to inject malware directly into memory.

Docker Bug Allows Root Access to Host File System (Decipher) A vulnerability in all versions of the Docker platform can give an attacker full read and write access to the host file system.

Predator the Thief (EnigmaSoft Ltd) A new info stealer by the name Predator the Thief has been detected in several large-scale attacks recently. It appears that its author is a user called 'Alexuiop1337' who is currently selling Predator, the Thief on several Russian forums. The initial price was $35, but after several updates and perhaps seeing the interest it has garnered, the author of the Predator the Thief raised the price to $80.

Flipboard hacks prompt password resets for millions of users (TechCrunch) Social sharing site and news aggregator Flipboard has reset millions of user passwords after hackers gained access to its systems several times over a nine-month period. The company confirmed in a notice Tuesday that the hacks took place between June 2, 2018 and March 23, 2019 and a second time on …

Researcher Finds Mac Gatekeeper Bypass (Decipher) The OS X Gatekeeper security system can be bypassed with a new technique developed by researcher Filippo Cavallarin.

When it comes to email-based threats, Emotet dominates (Help Net Security) Emotet displaced credential stealers, stand-alone downloaders and RATs and became the most prominent threat delivered via email.

Baltimore estimates cost of ransomware attack at $18.2 million as government begins to restore email accounts (Baltimore Sun) Baltimore's budget office estimates a ransomware attack on city computers will cost $18.2 million in lost or delayed revenue and contracts to restore systems.

Feds owe Baltimore nothing for cyber attack that was preventable (Baltimore Sun) Baltimore could have spared itself the damages incurred by ransomware attack.

Van Hollen And UMBC Expert Talk About Next Steps After Cyber Attack On Baltimore City (WBAL) WBAL NewsRadio 1090/FM 101.5 - The recovery crawled ahead on Wednesday, with email access restored for some agencies.

Cyber-attack forces shutdown of computers at county courthouse (Citizen's Voice) A cyber-attack has forced Luzerne County officials to shut down some of the computers at the county courthouse. Information technology workers are examining all servers and computer stations at the courthouse, according to David Parsnik, co

Report: Smart Transportation Systems Pose ‘Profound’ Privacy Risks (Nextgov.com) Governments are collecting lots of data on the people using roads, trains and buses, and without proper oversight, that information could easily be misused.

[Report] Legit Remote Access Tools Turn Into Threat Actors' Tools (Cyberint) Whilst TA505 are almost certainly responsible for several of these recent campaigns, broader analysis of the TTP employed indicates that multiple threat actors are conducting similar operations against a variety of victims, especially with the use of RMS.

How much does it cost to get an employee to steal workplace data? About $300 (The Next Web) The price of loyalty is higher than you think.

Security Patches, Mitigations, and Software Updates

G Suite to add secure email features (CRN Australia) On-by-default ‘confidential’ mode can expire email or control attachments.

Cyber Trends

Mimecast Global Research Finds Loss of Customers, Finances and Data Due to Rise in Impersonation Attacks (West) Third-Annual State of Email Security Report Reveals 61 Percent Believe Their Organization Will Be Negatively Impacted by Email-Borne Threats this Year

Digital Shadows Reveals a 50% Increase in Exposed Data in One Year (Digital Shadows) Misconfigured security controls could result in multiple breaches of GDPR with 2.3 billion exposed files, including passport data, bank records and medical information, increasing risk of identity theft, ransomware attacks and more

New 2019 Global Survey: IoT-Focused Cyberattacks are the New Normal (IoT Business News) Irdeto finds that in sectors such as transport, manufacturing and healthcare, while a majority of organizations have suffered an IoT attack, the mindset of security as a cost is changing. Eight in ten organizations have experienced a cyberattack on their IoT devices in the past 12 months, according to new research by Irdeto. Of those ...

IoT Technology and Smart Devices in the Home (Clutch) Most people are most familiar with IoT technology in the home, partially as a result of "forced adoption." People value the access and control their smart home devices offer, which helps explain why smart home security systems are the most popular smart home device. As the price of IoT technology falls, people plan to invest more in smart home devices in the future. ​​​​​​Read

Marketplace

Bondholders Wager Huawei Will Withstand American Onslaught (Wall Street Journal) Investors in the debt markets are betting Huawei Technologies can weather U.S. pressure—with assistance from the Chinese state if necessary.

Insight Partners Acquires Recorded Future for $780 Million (PR Newswire) Recorded Future, the leading threat intelligence company, today announced that Insight Partners has agreed to acquire a...

AttackIQ raises $17.6 million for continuous enterprise security monitoring (VentureBeat) AttackIQ says it has secured $17.6 million in venture capital to expand its continuous security monitoring and mitigation tools.

Sunstone Merges Three Companies to Form New Cybersecurity Platform (Wall Street Journal) The growth-equity firm said it has bought Sword & Shield Enterprise Security Inc. and merged it with Terra Verde and TruShield. The new company, which will be called Avertium, will be based in both Arizona and Tennessee and employ more than 150.

TruShield Announces Acquisition and New Name (PR Newswire) TruShield Security Solutions, Inc., an award-winning Managed Security Service Provider (MSSP) delivering 24/7/365...

Phoenix Based Terra Verde Secures Growth Capital, Launches New Name, Brand (PR Newswire) Terra Verde Security LLC, the award-winning cybersecurity managed security services provider, recently Ranked #1...

Verodin buy widens FireEye’s D.C. footprint, opens continuous cyber monitoring (Washington Business Journal) Verodin's ability to assess cyber effectiveness and coverage gaps with its software-as-a-service tool informed FireEye's acquisition of the company, but its location in Tysons didn’t hurt either.

CrowdStrike sets terms for $378M Nasdaq IPO (TechCrunch) The cybersecurity unicorn plans to trade under the ticker symbol "CRWD."

The story of CrowdStrike's record-setting cybersecurity IPO [datagraphic] (PitchBook) CrowdStrike has set terms for what would be the biggest cybersecurity IPO for a VC-backed company in the US. We took a look at the company's journey from founding to Wall Street.

Xconomy: CrowdStrike IPO: Cybersecurity Firms Defend Themselves, and You (Xconomy) Of the many risks facing a cybersecurity company that’s trying to raise money through an initial public offering, here’s one that might surprise some

At Facebook shareholder meeting, challenges to Zuckerberg’s power are doomed (San Jose Mercury News) CEO Mark Zuckerberg’s “unprecedented” power will be at the center of Facebook’s annual shareholder meeting on Thursday.

Rights groups probe investments in NSO Group’s private equity firm (CyberScoop) Pension groups in the United States and UK have investments in Novalpina Capital, which controls a portion of the board at NSO Group.

CyberX Announces New VP of Sales, Americas (Yahoo) CyberX, the IoT and industrial control system (ICS) security company, today announced that Jason Schaaf has joined the company as its new Vice President.

Products, Services, and Solutions

ReFirm Labs Launches Certified Partner Program for Managed Security Service Providers and Resellers Worldwide (Benzinga) ReFirm Labs, a provider of the industry's first proactive IoT and firmware security solutions, today announced the launch of...

CyberX Launches First Open Development Environment (ODE) for Securing IoT/ICS Devices Running Proprietary Protocols (West) Enables Customers and Technology Partners to Independently Add Support for Proprietary IoT/ICS Protocols Without Divulging Sensitive Information

We’re launching a file encryption service this summer (NordVPN) For some time now, we've been quietly working on something awesome. Something that will enhance your digital security beyond the VPN capabilities. Something that we're really excited to tell you about!

Kaseya-owned RapidFire Tools launches cyber insurance compliance software (CRN Australia) Watchdog to ensure customers are in compliance with their policy.

StorageCraft ShadowXafe Transforms Data Protection and Recovery with Radical Simplicity and Scale (StorageCraft) MSPs and SMEs Can Now Standardize on a Single Platform for Data Protection and Business Continuity

Unified Patents Launches Cybersecurity Protection Zone, Attracts Numerous Industry Leaders and Innovators (PR Newswire) Unified Patents Inc., the world's only membership organization dedicated to deterring Non-Practicing Entity...

Secret Double Octopus Announces European Expansion to Eliminate Passwords from the Enterprise (Yahoo) Secret Double Octopus, the pioneer of Passwordless Enterprise Authentication, today announced its expansion into the European market with a presence in the UK, France, and Italy. Secret Double Octopus delivers a new generation of user authentication that

Salesforce Rolls Out Blockchain Builder for Noncoders (Wall Street Journal) Salesforce, joining its cloud-services peers, is getting into the blockchain business. The company said some of its customers are using an early version of a platform that allows them to build blockchain applications without needing much expertise in the technology.

NSFOCUS releases cloud DDoS protection offering (Channel Life) DDoS attacks are one of the most complex threats that businesses face, with just a few minutes of downtime proving costly for organisations.

Attila Security's GoSilent Data Security Platform Fulfills NIAP Requirements (ExecutiveBiz) The National Information Assurance Partnership has listed Attila Security’s GoSilent data security platform, verifying the product’s compliance with NIAP requirements. The company said May 14 its GoSilent platform, which was first developed at the National Security Agency, is also pending for NIAP’s

The Hartford Partners With Mimecast To Help Businesses Reduce The Risk Of A Cyber Incident (Yahoo) The Hartford has partnered with Mimecast, an email and data security company, to offer Mimecast™ Awareness Training services to help its customers reduce the risk of a cybersecurity incident before it occurs. “Cyberattacks continue to evolve and are becoming more sophisticated,” said Tim Marlin,

RapidFire Tools Debuts Cyber Insurance Compliance Software (CRN) RapidFire Tools – known for its security and regulatory software -- has has created what it says is a unique watchdog for cyber insurance customers that ensures they are in compliance with their policy before the worst happens.

Technologies, Techniques, and Standards

3 Ways Norsk Hydro Kept its Reputation During LockerGoga Cyberattack (Nozomi Networks) While poorly handled data breaches capture the headlines, it’s refreshing to note a recent industrial cyber incident that has been applauded by experts. The event in question is the LockerGoga ransomware attack on Norsk Hydro.

Should Failing Phish Tests Be a Fireable Offense? (KrebsOnSecurity) Would your average Internet user be any more vigilant against phishing scams if he or she faced the real possibility of losing their job after falling for one too many of these emails? Recently, I met someone at a conference who said his employer had in fact terminated employees for such repeated infractions. As this was the first time I’d ever heard of an organization actually doing this, I asked some phishing experts what they thought (spoiler alert: they’re not fans of this particular teaching approach).

What Businesses Can Learn From The DHS-OMB Assessment Of Federal Agencies' Security Readiness (Forbes) Security should be a part of business leaders' overall development strategy.

How to avoid botnet attacks and other cyberthreats: 4 tips (TechRepublic) The Emotet botnet drove 61% of malicious payloads in Q1 2019, according to a Proofpoint report. Here's how to keep your business safe.

Pennsylvania National Guard cyber branch supports primary election (US Army) Members of the Pennsylvania National Guard joined other state partners at the Pennsylvania Emergency Management Agency (PEMA) May 21 to reassure voters of the security of the commonwealth's primary election.

Design and Innovation

For blockchain it's time to face up to governance and regulation (Computing) Governance of decentralised systems is an unlikely 'hot' area for researchers, technologists and lawmakers alike.

The British companies pioneering AI that reads your emotions - and will revolutionise everything from shopping to sport (The Telegraph) Imagine, if you will, stepping into your favourite shop on a lazy afternoon to do a spot of browsing.

Research and Development

German quantum project on secure comms gains €165M funding (Optics) Fraunhofers HHI, IOF and partners working on 7-year QuNET mission for a “secure European data space and quantum optical internet.”

Academia

UK universities warn on theft of research in foreign cyberattacks (The Telegraph) Dozens of UK universities have warned their research is being stolen in cyberattacks and sent overseas, a new survey has found.

Legislation, Policy, and Regulation

Potential human costs of cyber operations – Key ICRC takeaways from discussion with tech experts (Humanitarian Law & Policy Blog) Key ICRC take-aways on the potential human cost of cyber operations from a meeting with cyber security experts.

The potential human cost of cyber operations (International Committee of the Red Cross) This report provides an account of the discussions that took place during a meeting of experts organised by the ICRC in November 2018 on the potential human cost of cyber operations.

This Is Not a Great-Power Competition (Foreign Affairs) The term doesn’t capture today’s reality.

There are real reasons to be wary of Iran, Joint Chiefs chairman says (Military Times) The U.S. is beefing up its presence in the Middle East in response to perceived threats from Iran, the chairman of the Joint Chiefs said, but it is not a provocation to war.

Why attribution is a means to an end (FCW) Law enforcement officials insist that accurately placing the blame on countries or groups who engage in destructive cyberattacks is a critical prelude to imposing more meaningful consequences.

Pence, Trudeau to discuss Huawei and China trade issues in Ottawa:... (U.S.Reuters) U.S. Vice President Mike Pence and Canadian Prime Minister Justin Trudeau will d...

Huawei USA security chief suggests the company could be open to 'mitigation measures' to address US national security concerns (CNBC) Huawei seeks a summary judgment in hopes of avoiding a full-blown trial in a lawsuit the Chinese telecom giant filed against the U.S. in the March.

Mandate cyber intel sharing, Apac regulators told (Risk.net) Regulators must work with banks to foster trust on cyber threat intelligence sharing, say execs

Federal cybersecurity agency on the way? (CSO Online) As human activity migrates into the online space, keeping the bad guys from mucking it all up becomes paramount. Does that mean it’s time for a federal cybersecurity agency?

Stop demonizing encryption (CyberScoop) The current negativity toward encryption perpetuates misinformation and provides fodder for governments seeking to undermine security and privacy across the globe.

Cyber Command appoints new No. 2 amid growing battle with foreign hackers (POLITICO) Myers became chief of staff at Cyber Command headquarters in May 2018, the same month Nakasone took the reins.

Analysis | The Cybersecurity 202: Democratic base fired up by effort to ban Internet-connected voting machines (Washington Post) Liberal groups helped secure more than 50,000 comments on this highly technical issue.

Lawmakers raise security concerns about China building NYC subway cars (TheHill) A bipartisan group of House members from New York state are raising concerns about Chinese involvement in building New York City subway cars, zeroing in on the potential that the new train cars could be hacked or controlled remotely.

New York could soon pass its own GDPR-inspired data security law (CyberScoop) New York data security law could look different if the state's lawmakers pass the SHIELD Act, which would cover any business working with state residents.

California counties must update voting systems by March 2020 (NBC News) Most California counties think they will make the deadline to update their voting systems, but 10 are requesting exemptions or extensions.

Litigation, Investigation, and Law Enforcement

Forget Mueller: Our pants are still down on election security, and Facebook can't save us (CNBC) Blaming Facebook, focusing on the Mueller-Barr feud, impeachment talk and debating obstruction of justice and impeachment mean we're still not talking about election security. Look out, 2020.

Mueller’s statement highlights key differences with Barr on investigation of President Trump (Washington Post) The special counsel suggested that Congress is the constitutional arbiter of whether the president committed a crime.

Pelosi says altered videos show Facebook leaders were ‘willing enablers’ of Russian election interference (Washington Post) House Speaker Nancy Pelosi (D-Calif.) said Wednesday that Facebook’s refusal to take down an altered video of her shows that the company’s leaders were active contributors to online disinforrmation and “willing enablers" of Russian interference in the 2016 election.

Saudi Arabia accused of hacking London-based dissident (the Guardian) Kingdom targeted satirist Ghanem Almasarir with Israeli malware, letter of claim alleges

FBI Heading Huge US Govt. Drive To Fight Fraud In Crypto Currencies (UrduPoint) The FBI is spearheading a major security initiative to crack down on fraud, manipulation and other criminal activities in the field of crypto currencies, US Cyber Threat Intelligence Integration Center (CTIIC) Director Erin Joe said on Wednesday.

New York Regulator to Investigate Exposure of Mortgage Documents (New York Times) The agency is using its authority under a new cybersecurity regulation to investigate a mistake by a title insurer that revealed a trove of sensitive data.

Collier County woman targeted in virtual kidnapping scam (WFTX) Kelly says she received a call from who she thought was her husband, but once she picked up the phone, someone on the other line answered instead and said they had Kelly's husband and daughter, and demanded money.

Apple defends itself against claims its App Store is an abusive monopoly (Computing) Apple creates a 'Principles and Practices' web page to justify its 30 per cent App Store commission and business practices.

Three tech-support scammers charged with ripping off the elderly (Naked Security) The defendants allegedly pulled in over $1.3 million over the course of about six years for unnecessary and undelivered tech support.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Time Machine 2019 (Austin, Texas, USA, November 13 - 14, 2019) At Time Machine, you will actively engage with real-world AI applications. Hear from leaders on the cutting edge of technology, government, industry, academia, and the arts, and uncover the roadmap for...

Upcoming Events

Cybertech Midwest 2019 (Indianapolis, Indiana, USA, April 24 - July 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...

SecureWorld Atlanta (Atlanta, Georgia, USA, May 29 - 30, 2019) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry...

Louisville Cybersecurity Conference (Louisville, Kentucky, USA, May 30, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

National Cyber Summit (Huntsville, Alabama, USA, June 4 - 6, 2019) National Cyber Summit is the nation’s most innovative cyber security-technology event, offering unique educational, collaborative and workforce development opportunities for industry visionaries and rising...

Infosecurity Europe (London, England, USA, June 4 - 6, 2019) Europe’s Leading Event for Information and Cyber Security Bringing business, tech and cyber communities together to discuss and discover how best to protect companies and individuals. Join in to find ‘everyone...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.