skip navigation

More signal. Less noise.

MVISION Insights: Move Beyond Intelligence to Insights that Empower You to Change Your Environment.

Harnessing the power of one billion threat sensors worldwide, McAfee designs security fueled by Insights. MVISION Insights enables you to move beyond intelligence and empowers you to change your environment. Identify with Machine Learning. Defend and correct with Deep Learning. Anticipate with Artificial Intelligence. Move your security out of reactive mode to a proactive posture. McAfee, the device-to-cloud cybersecurity company. Go to McAfee.com/insights to learn more.

Daily briefing.

“Chaos” and “debacle” are the words the San Diego Union-Tribune, the Wall Street Journal, and others use to describe the Iowa Democratic Party caucus, which yesterday gave party members the opportunity to express their preference for a Presidential candidate. Those preferences remain unknown, as the results are still being counted and checked, delayed by problems with an app deployed in the caucuses for the first time. There are no reports of any form of cyberattack. The distinctive way the caucuses are conducted suggests only limited lessons for election security. Principal among those would be "don't deploy technology in voting until it's been thoroughly tested under realistic conditions."

While there was little-to-no evidence of foreign interference in Iowa, a McAfee study released this morning suggests that local authorities in the US are particularly ill-prepared to counter the problem of influence operations conducted through compromised county websites. Fixing the basic failures in website design McAfee calls out wouldn't be a panacea, but it might amount to a good start.

Japanese electronics giant NEC disclosed Friday that its networks had sustained an unauthorized intrusion by parties unknown in 2016. The incident was discovered in 2017, with remediation continuing into 2019. The company says no sensitive data were lost, but it doesn't explain why the disclosure was made now.

Twitter said yesterday that a network of "fake accounts" had been exploiting its API to match usernames with phone numbers. Twitter says it's fixed the problem, and warns that a nation-state might have been responsible.

Notes.

Today's issue includes events affecting Australia, China, France, Iran, Israel, Japan, Lithuania, Malaysia, Philippines, Russia, United Kingdom, United States.

Bring your own context.

Venture capitalists hear a lot of pitches and see a lot of pitch decks. What are some mistakes they see that a security start-up might avoid?

"I'd say one mistake that I often see when I'm pitched to... I have a technical background, you know. I've spent the majority of my career building security solutions. So don't spend three slides telling me why security is a problem. I fully understand that. Let's save that time and use it for something else. Whereas hose three slides may be very important if you're going into, say, a family office that doesn't necessarily have a deep background in security. So do your research. Understand whom you're speaking to. And tailor your deck accordingly. You don't have to have just one deck."

—Michael Sutton, founder of StoneMill Ventures, on the CyberWire Daily Podcast, 1.31.20.

Always consider the audience, understand their backgrounds (and their likely background knowledge, and the assumptions they'll probably bring to the meeting), and remember that your goal is communication, not self-expression.

Coming soon: CyberWire Pro.

Our new subscription program, CyberWire Pro, will be available soon. Designed for cyber security professionals and others who want to stay abreast of our rapidly evolving industry, CyberWire Pro is a premium news service that will save you time and keep you informed. Learn more and sign up to get launch updates here.

Aerospace news worthy of attention.

If you're interested in space and communications (technology, policy, business, and operations), take a look at Cosmic AES Signals & Space. Produced in partnership with the CyberWire, Signals & Space offers a monthly overview of news in this sector.

Investigating China’s Disinformation Campaigns

Cyber influence campaigns have plagued countries across the globe in the past few years, with foreign policy objectives, economic goals, and public opinion caught in the crossfire. LookingGlass researchers have tracked over 2000 People’s Republic of China-related influence operators on Twitter to better understand the current landscape. In our next webinar, Tom Creedon will explore these findings to gain an understanding of operator account patterns and targets. Save your seat for February 6 at 1pm ET.

In today's CyberWire Daily Podcast, out later this afternoon, we speak with our partners from the University of Maryland's Center for Health and Homeland Security, as Ben Yelin discusses rules governing the destruction of electronic evidence. Our guest is Alex Burkardt from VERA, with thoughts on how to protect critical financial data beyond the corporate perimeter.

And Recorded Future's threat intelligence podcast, produced in cooperation with the CyberWire, is also up. In this episode, "A Journalist’s Perspective on Global Cyber Threats," they have a conversation with Hakan Tanriverdi, cybersecurity journalist for Germany’s public broadcasting network, who discusses what it's like reporting on a highly technical subject area.

Suits & Spooks (Washington, DC, United States, February 6 - 7, 2020) Suits & Spooks DC is the only international security summit where the attendees and speakers from government agencies and technology companies engage in discussion and debate of security challenges. World-class speakers describe their vision of future threats and leading-edge companies will exhibit novel solutions. Get 15% off with discount code cyberwire15.

Cyber or Cleared Job Fair, February 13, San Antonio. (San Antonio, Texas, United States, February 13, 2020) Cleared and non-cleared cybersecurity pros make your next career move at the Cyber or Cleared Job Fair, February 13 in San Antonio. Meet face-to-face with leading cyber employers. Visit our site for more details.

RSAC 2020 (San Francisco, California, United States, February 24 - 28, 2020) Connect to the people and ideas that matter. To your growth. To your organization. At RSAC 2020, February 24 – 28, explore current and emerging trends, gain valuable skills and network with peers. Register today!

Cyber Attacks, Threats, and Vulnerabilities

Iowa Caucus Results Delayed by Counting Problems (Wall Street Journal) An election debacle unfolded as the Iowa Democratic Party failed to release the results of the state’s presidential caucuses, saying it had found “inconsistencies in the reporting” as the nation awaited the outcome of the first-in-the-nation nominating contest.

Iowa Democratic caucuses turn to chaos as party fails to declare winner (San Diego Union-Tribune) Precinct chairs around the state report problems with the computer application intended to relay results to party headquarters.

Iowa Caucuses Devolve Into Chaos Over Tech Problems and 'Inconsistencies' (Time) The voters have finally spoken, but nobody knows what they said

‘It kind of failed us’: With eyes of the world on Iowa, another hiccup in American democracy (Washington Post) She couldn't get the mobile app to work. And she couldn't get through to the state party. So Linda Nelson, the Democratic chairwoman in Pottawattamie County, chose her next best option: Facebook.

Iowa Caucus Results Delayed by Apparent App Issue (Wall Street Journal) The mobile app that appears to have caused problems during the Iowa presidential caucuses was built by a small Washington, D.C.-based company connected to a nonprofit progressive digital strategy firm.

Tech firm started by Clinton campaign veterans is linked to Iowa caucus debacle (Los Angeles Times) Shadow, a tech developer started by veterans of Hillary Clinton’s 2016 run, built the app being blamed for delaying Iowa Democratic caucus results.

The Cybersecurity 202: Iowa caucus debacle shakes public confidence in 2020 security (Washington Post) The biggest security lesson from last night's Iowa caucuses: It doesn't take a hack for technology to undermine confidence in an election.

People are wrongly making Hillary Clinton's campaign manager the villain of the Iowa caucus (updated) (The Daily Dot) Hillary Clinton is not involved in the Iowa caucus this year, and yet her old campaign manager, Robby Mook, is under fire tonight. Here's why.

McAfee Research Reveals Election Website Security Shortcomings in 2020 Battleground States (BusinessWire) Lack of .GOV Validation and HTTPS Encryption Among County and County Election Websites Could Render 13 Battleground States Susceptible to Voter Disinformation Campaigns in 2020 Elections

Japanese Firm NEC Electronics Confirm Security Breach (Latest Hacking News) The Japanese electronic and IT giant NEC has disclosed a security breach leaking around 28,000 files. However, the defense data remained safe.

Hacking leads to fake story claiming US soldier in Lithuania has coronavirus (Stars and Stripes) Lithuania’s “Kauno Diena” newspaper said a false story, which appeared Friday, was the work of hackers and was visible for about 10 minutes before being taken down.

Twitter says an attacker used its API to match usernames to phone numbers (ZDNet) Twitter discloses security incident involving the abuse of one of its official API features.

Bouygues Construction Shuts Down Network to Thwart Maze Ransomware (BleepingComputer) French construction giant Bouygues Construction shut down their computer network to avoid having all of their data encrypted by the Maze Ransomware.

250 Million Microsoft Customer Service Records Exposed; Exactly How Bad Was It? (CPO Magazine) Microsoft announced a breach where they uncovered misconfigured security rules in one internal database that exposed 250 million customer service records for almost whole of December.

Microsoft Teams goes down after Microsoft forgot to renew a certificate (The Verge) An embarrassing mistake for Microsoft’s Slack competitor

‘Pabbly’ Exposes 51.2 Million Records via Leaky Database (TechNadu) An India-based email marketing company, "Pabbly", has exposed over fifty million email addresses belonging to their customers.

Library Lines: Contra Costa system recovers from cyber-attack (East Bay Times) Library and county IT staff are working to secure and upgrade the library’s system network to prevent future attacks, and law enforcement continues to investigate the cause of the breach.

TA505 APT Group Returns With New Techniques: Report (BankInfo Security) After a hiatus, TA505 - a sophisticated APT group that has targeted financial companies and retailers in several countries including the U.S. - has returned with a

Vulnerability Summary for the Week of January 27, 2020 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

United Healthcare reports breach affecting 36 SC customers (Post and Courier) First and last names, health plan information and private medical claims data all could have been compromised, United said.

Yarra Trams data breach: Commuters' email addresses exposed (The Age) The personal email addresses of nearly 100 commuters who had applied for compensation were exposed in a Yarra Trams data breach. 

Adversary Exposed: How One Criminal Attempted to Sell an MSP on the Dark Web (Medium) Think about all the things you can buy and do on the dark web.

Coronavirus Fears Exploited in Phishing Attacks (AppRiver) Over the past few weeks, we have been patiently awaiting a surge in malicious email activity surrounding the Novel Coronavirus outbreak that has garnered headlines across the globe. We had previously spotted some run-of-the-mill spam campaigns that were leveraging the outbreak to hawk over-ear facemasks. We subsequently saw some activity from the Emotet malware group that was exploiting the topic by sending mal-spam links. However, those were limited in scale and seemed to be only targeting users in Japan.

Instagram's Search Results For Vaccines Are A Public Health Nightmare (HuffPost) By promoting anti-vax misinformation, the platform legitimizes distrust in vaccines.

Not funny: Vlogger in nCoV prank says sorry to mall, public (Inquirer) The vlogger who stirred a public scandal after pretending to be a novel coronavirus (nCoV) carrier had apologized to the public and the management

Security Patches, Mitigations, and Software Updates

Twitter Fixed Issue Exploited to Match Phone Numbers to Accounts (BleepingComputer) Twitter says that it discovered and fixed an issue exploited by attackers to match specific phone numbers to their corresponding Twitter accounts.

Google cuts Chrome 'patch gap' in half, from 33 to 15 days (ZDNet) Future plans include cutting the patch gap further, which might mean that Google will have to release Chrome security fixes on a weekly basis.

Ring's latest update notifies if your local police department can request to access video (USA TODAY) The new updates come after reports of hackers gaining access to Ring security cameras.

Cyber Trends

Where cybersecurity misses the mark, yet again (Computing) Esoteric cyber threats posed by countries like Iran and North Korea may grab the headlines, but distract from the real security issues, argues Tanium's Orion Hindawi

AI Special Report (AppRiver) Welcome to 2020. We’re not quite in the age of the flying cars yet, however, we are now firmly in the era of artificial intelligence (A.I.) in many homes and businesses across America.

Mobile Threat Landscape (Wandera) It should be another momentous year for mobile security, with cyber attacks growing rapidly in sophistication and distribution. This report will cover the key mobile security trends that emerged last year as well as summarize thoughts for the mobile threat landscape for the year ahead.

Top Ten New Open Source Security Vulnerabilities in 2019 (WhiteSource) 2018's top ten list of vulnerabilities includes old favorites like Linux and Spring, newer players like AngularJS and Requests, headline grabbers like Struts and Drupal, and more.

Antivirus Would Have Saved Them $71 billion in 2019 (Scoop News) Data gathered and calculated by Precisecurity.com shows that some businesses could have saved about $71 billion by having an effective antivirus solution. The affected businesses saw millions of records exposed due to poor security.

Cyber Resilience Think Tank Forecasts Four Key Trends to Hit the Cybersecurity Industry (Yahoo) Mimecast Limited (MIME), a leading email and data security company, today announced the availability of Commencing a New Decade: 2020 Predictions, the latest eBook from the Cyber Resilience Think Tank (CR Think Tank). This group of security leaders recently gathered to reflect on the past decade and

2020 SonicWall Cyber Threat Report: Threat Actors Pivot Toward More Targeted Attacks, Evasive Exploits (PR Newswire) SonicWall, the trusted security partner protecting more than 1 million networks worldwide, today announced its annual threat report findings,...

Marketplace

Accenture acquires UK consultancy firm Mudano (ZDNet) Mudano uses analytics and applied data science to help large banks, insurers and wealth management firms in the UK analyze data around key areas.

HPE Buys Scytale, Embraces Open Source Security (SDXCentral) Hewlett Packard Enterprise (HPE) today said it acquired cloud security startup Scytale for an undisclosed amount. The deal will boost HPE’s identity management technology as well as its credibility within the open source community.

Google's parent company Alphabet hits trillion-dollar valuation (The Telegraph) Google's parent company Alphabet has reached a valuation of one trillion dollars for the first time, making it only the fourth US-listed company to hit the milestone.

Google reveals YouTube revenues for the first time (The Telegraph) Google parent Alphabet has revealed YouTube revenues for the first time, with advertising sales on the platform doubling in the last two years.

YouTube generated $15bn in sales for Google last year – or $7 per person (The Telegraph) In the 13 years since Google bought YouTube for $1.

Alphabet shares decline on revenue miss; YouTube ad, cloud revenues finally revealed (MarketWatch) Alphabet Inc. shares fell nearly 5% in extended trading after the company’s fourth-quarter revenue fell short of Wall Street estimates on Monday.

Air Force Taps Google for IT Security Assessment (Nextgov.com) The move is part of the service’s push for an Enterprise IT-as-a-Service environment.

TCL to stop making BlackBerry Android smartphones (Computing) TCL's BlackBerry licensing deal won't be renewed in August, putting the future of BlackBerry smartphones in doubt

New CFO brings public markets discipline to Darktrace (Cambridge Network) Darktrace, the world’s leading cyber AI company, today announced that Cathy Graham will join as its new Chief Financial Officer (CFO) on 10th February.

Products, Services, and Solutions

PAS Global Introduces Solutions to Ensure OT Integrity (PAS Global) New product releases optimize cybersecurity, process safety, and digitalization

Radiflow Launches Business-driven Industrial Risk Analytics Service (PR Newswire) Radiflow, a leading provider of cybersecurity solutions for industrial automation networks, today announced that the company has launched...

Mimecast Expands E-Discovery Capabilities to Help Increase Productivity for Legal and IT Teams (Globe Newswire) Mimecast Case Review Redesigned to Offer Rich Dashboards and Reporting, Powerful Search and Legal Hold Functionality

EMVCo certifies Trustonic to secure mobile payments apps (Finextra Research) Mobile device and app security leader Trustonic today announces that its trusted execution environment (TEE)* solution is the first hardware-backed TEE to complete the EMVCo Software-Based Mobile Payments security evaluation process.

eperi and Netskope: Strong Alliance Between Two Cloud Security Leaders (Yahoo) Cloud services are being adopted at a significant rate, with recent statistics showing that 85% of enterprise internet traffic flows to and from cloud services. Therefore, the high need of an all-embracing cloud security solution, looking at access and behavioral user interaction as well as securing

Nehemiah Security Releases Risk Quantifier 3.4 (PR Newswire) Nehemiah Security, the industry leader in automated cyber risk quantification, announces the general availability of Risk Quantifier™ version 3....

Rackspace Announces FedRAMP Authorized Platform on Amazon Web Services (Globe Newswire) Rackspace extends its FedRAMP authorization to include Amazon Web Services, Inc. (AWS) within Rackspace Government Cloud (RGC), a managed security and compliance platform, enabling state-of-the-art private, public and hybrid cloud solutions for the government ecosystem.

Technologies, Techniques, and Standards

DHS creates ‘tabletop in a box’ for local election security drills | StateScoop (StateScoop) A new guidebook offers local election officials step-by-step drills of what to do and who to call in the event of an actual cyberattack.

NIST Drafts Guidelines for Coping With Ransomware (Data Breach Today) The National Institute of Standards and Technology has unveiled a pair of draft practice guidelines that offer updated advice and best practices on how to protect

Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events (NCCOE) The National Cybersecurity Center of Excellence (NCCoE) has released a draft of National Institute of Standards and Technology (NIST) Cybersecurity Special Publication 1800-25, Identifying and Protecting Assets Against Ransomware and Other Destructive Events, for public comment.

Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events (NCCOE) The National Cybersecurity Center of Excellence (NCCoE) has released a draft of National Institute of Standards and Technology (NIST) Cybersecurity Special Publication 1800-26, Detecting and Responding to Ransomware and Other Destructive Events, for public comment.

Red Teamer's Cookbook: BYOI (Bring Your Own Interpreter) (Black Hills Information Security) Marcello Salvati // This fairly lengthy blog post aims at providing Red Team Operators ideas on how to incorporate BYOI tradecraft into their own custom tooling and get those creative malware development juices flowing. This blog post can also serve as a “light” introduction to .NET and how to write basic C2, so there’s hopefully …

Compliance: Watch your step! (SC Media) Avoiding the perilous pitfalls of compliance It’s no secret that Fortune 1000 CISOs struggle with compliance, but the pitfalls that fuel the most

Why protecting remote workers from cyber attack should be a top priority for your security team in 2020 (IT Brief) As logging in from anywhere becomes the norm for more Australians, implementing cybersecurity strategies to support the remote working model has become an imperative for local organisations.

Alexa, Protect My Privacy (Kiplinge) Take steps to keep speakers, security cameras and other smart devices safe from hackers who want to steal your data--or worse.

Design and Innovation

Apple proposes simple security upgrade for SMS 2FA codes (Naked Security) Apple thinks it’s come up with a simple way to make SMS two-factor authentication (2FA) one-time codes less susceptible to phishing attacks.

Google launches open-source security key project, OpenSK (Naked Security) OpenSK is a piece of firmware that you can install on a USB dongle of your own, turning it into a usable FIDO or U2F key.

Another Boeing Software “Glitch” (BlogInfoSec) How I hate the word “glitch,” which is commonly used to describe faulty software in press reports, blogs, and the like. In my opinion, it trivializes serious software errors.

Research and Development

ANALOG sensors can be hacked and OT network monitoring can’t detect it – a hole in ICS cyber security (Control Global) If you can’t trust your process sensor measurements (e.g., pressure, level, flow, temperature, voltage, current, etc.), you have no cyber security, process safety, or resilience, along with very significant incremental risk.

Anonymized Data May Be Less Anonymous Than You Thought (The Mac Observer) Students at Harvard built a tool to analyze datasets from data breaches. They could identify an individual despite promises of anonymized data

Have a first aid question? Don't ask Siri. (Mashable) Researchers put smart assistants to the test in emergency situations.

Academia

Harvard cancels digital security talk led by spyware-linked lecturer (The Verge) "Unfortunately, this event has been canceled..."

Leading NYU Tandon hardware security researcher named an IEEE fellow (Yahoo) New York University School of Engineering Professor Ramesh Karri has been named a fellow of the Institute of Electrical and Electronics Engineers (IEEE), the world's largest technical professional association, for his contributions to and leadership in trustworthy electronic hardware. Karri is a

Legislation, Policy, and Regulation

Philippines steps up security to shield power grid from foreign control (Reuters) The Philippines is beefing up security protocols to protect its energy sector fr...

Due To Increasing Cybercrime, Government Proposes Cyber Forensics University To Tackle The Situation (NewsGram) With cyber crimes increasing at a rapid rate, the government on Saturday proposed National Police University and National Forensic Science.

NGCP head bares cyber attacks on power grid, irks lawmakers (Inquirer) Did the National Grid Corp. of the Philippines (NGCP) just admit that the country’ power grid had been “attacked” by hackers? Yes, a “hundred times already” in just...

Huawei, ZTE urge U.S. not to impose national security risk labels (Reuters) Huawei Technologies Co Ltd and ZTE Corp <000063.SZ> on Monday both asked the U.S...

Huawei: UK’s evidence-based decision good for more advanced and secure telecoms infrastructure (East African Business Week) Huawei is reassured by the UK government’s confirmation to allow it to participate in the country’s 5G roll-out.

House Republicans introduce resolution condemning UK's decision to allow Huawei in 5G networks (TheHill) A group of House Republicans on Monday introduced a resolution condemning the British government’s decision to allow Chinese telecommunications group Huawei limited involvement in its 5G networks despite pressure from the Trump administration to b

When the homefront becomes the (cyber) front line (Fifth Domain) The ability of adversaries to target military families using their digital footprint significantly alters the risk of military service and potentially changes the calculus of war.

With Cybercriminals on the Attack, States Help Cities Punch Back (Pew Trusts) Some states don’t collaborate with cities and counties to improve cybersecurity.

Wolf 51 returns as Pacific Air Forces Air, Cyberspace Ops director (DVIDS) Major Gen. Scott L. Pleus., Director of Air and Cyberspace Operations, Headquarters Pacific Air Forces, visited Kunsan Air Base, Republic of Korea, as a guest speaker during the 8th Fighter Wing Annual Awards Ceremony to share his experience as Wolf 51 with the current members of the Wing on Jan. 31.

Litigation, Investigation, and Law Enforcement

Ex-CIA Engineer Set to Go on Trial for Massive Leak (Wall Street Journal) Manhattan federal prosecutors are poised to open their case Tuesday in the trial of a former CIA software engineer charged with handing over a trove of classified information on the spy agency’s hacking operations to WikiLeaks.

As Vault 7 trial begins, Joshua Schulte's attorneys will argue he's a whistleblower (CyberScoop) While the U.S. has charged Joshua Schulte with transmitting files detailing CIA hacking tools, his lawyers have given no indication that he acted out of conscience.

Russia rejects appeal from former U.S. Marine held on spying charges (Reuters) A Russian court on Tuesday upheld a decision to keep former U.S. Marine Paul Whe...

FTC warns VoIP providers that help robocallers: we can and will sue (Naked Security) It put 19 internet-calling companies on notice that helping illegal robocalls is illegal. It has sued before, and it can do it again.

Charges dropped against Coalfire security team who broke into courthouse during pen test (ZDNet) Miscommunication led to arrests during a midnight physical security test.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Insider Threat Program Management With Legal Guidance Training Course (Austin, Texas, USA, April 1 - 2, 2020) This two- day intense training course will ensure the Insider Threat Program (ITP) Manager / Senior Official, Insider Threat Analyst, FSO, and others who support the ITP (CSO, CIO, CISO, IT, Network Security,...

Upcoming Events

CPX 360 Vienna (Vienna, Austria, February 4 - 6, 2020) At CPX 360, you’ll gain an in-depth understanding of today’s dynamic threat landscape and the emerging challenges within cyber security. Get a look at the next wave of Check Point innovation and discover...

5t​h​ Annual Atlanta Cyber Security Summit (Atlanta, Georgia, USA, February 5, 2020) C-Suite & Senior Level Executives: Register with Promo Code CYBERWIRE95 to receive $95 Admission (Standard Price is $350). Learn from renowned experts from The FBI, U.S. Secret Service, U.S. Dept. of Homeland...

Suits & Spooks, 10th Anniversary: Taking Ownership of the Future of our Security (Washington, DC, USA, February 6 - 7, 2020) Suits & Spooks DC is the only international security summit where the attendees and speakers engage in discussion and debate of cyber/physical security challenges over the course of two days. World-class...

Meeting To Discuss Insider Threat Detection On Computer Systems & Networks (Laurel, Maryland, USA, February 11, 2020) The National Insider Threat Special Interest Group will hold a meeting to discuss the findings of a workshop that was held in 2019. The workshop was done in partnership with the University of Maryland’s...

2020 OurCrowd Global Investor Summit (Jerusalem, Israel, February 11 - 13, 2020) We’re expanding the Summit to three days! Invite-only events will take place February 11-12, with Summit Day on February 13. Summit Week will be packed as ever, with corporate meet ups, VC forums, insider...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.