skip navigation

More signal. Less noise.

Get your copy of the definitive guide to threat intelligence.

We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.

Daily briefing.

The Wall Street Journal says the US Justice Department is preparing criminal charges against Huawei in a case involving alleged theft of intellectual property from T-Mobile. Reuters reports that two bills pending in Congress would give the US Government more latitude to act swiftly against sanctions violations and other misbehavior by foreign companies. The measures are seen as directed against China.

Trend Micro reports a large Magecart campaign operated through a compromised advertising supply chain.

How secure are industrial radio controllers? Apparently less secure than a garage door opener, a Trend Micro study suggests. The RF controllers are also connected to far more consequential systems than a garage, and interface with significant safety measures.

Its creator may be behind bars, but ZDNet notes that the NanoCore remote access Trojan continues to circulate in the wild. Fortinet researchers are observing the RAT's propagation via malicious Word documents. The malware is proving unusually resistant to eradication from infected systems.

Dark Reading reports that a major data exposure at the Oklahoma Securities Commission is under investigation. Personal, corporate, legal, and system information are at risk.

The fake Washington Post issue distributed yesterday was a satirical prank by the Yes Men, a progressive activist group that doesn't care for President Trump.

Fortune and the Washington Post report that contractors and civil servants fear that the ongoing US Federal Government shutdown exposes the country to growing cyber risk. That's not of course exactly an admission against interest, but the concerns being expressed aren't idle, either.

Notes.

Today's issue includes events affecting China, Germany, Iran, Israel, Republic of Korea, NATO/OTAN, Poland, Russia, Sweden, United Kingdom, United States.

Bridge the Gap Between Policy & Technology at Georgetown

The Georgetown University Master's in Cybersecurity Risk Management prepares you to navigate today’s increasingly complex cyber threats. Ideal for working professionals, our program offers flexible options to take classes online, on campus, or through a combination of both—so you don’t have to interrupt your career to earn your degree. Join us for a webinar on Tuesday, January 29, at noon ET to explore our program.

In today's podcast, up later this afternoon, we speak with our partners at CenturyLink, as Mike Benjamin gives us an update on the Mylobot botnet. Our guest, Angie White from Iovation, discusses PSD2, the payment services directive update.

And Hacking Humans is up, too. In this episode, "Prisoners have nothing but time," Joe shares the tale of a prisoner running a variety of romance scams from the inside. Dave outlines direct deposit scams. The catch of the day is a clever variation from (where else?) Nigeria. Our guest is Sam Small from ZeroFox, the social media and digital protection company.

Proactive Cybersecurity: Modeling Adversarial Behavior (Online, January 23, 2019) Join LookingGlass Product Manager, Dan Martin, and Security Ledger Editor-in-Chief, Paul Roberts for an introduction to ScoutThreat™, a threat management platform that helps security analysts streamline threat analysis work and extract the maximum value from threat intelligence.

5th Annual Cyber Security Conference for Executives (Baltimore, Maryland, United States, March 13, 2019) The 5th Annual Cyber Security Conference for Executives, hosted this year by The Johns Hopkins University Information Security Institute and Ankura, will be held on Wednesday, March 13th, in Baltimore, Maryland. This year’s theme is cybersecurity compliance and regulatory trends, and the conference will feature discussions with thought leaders across a variety of sectors. Join the discussion and learn about current and emerging cyber security threats to organizations, and how executives can better protect their enterprises. Register today!

Cyber Attacks, Threats, and Vulnerabilities

Hackers breach and steal data from South Korea's Defense Ministry (ZDNet) Government says hackers breached 30 computers and stole data from 10.

Massive Oklahoma Government Data Leak Exposes 7 Years of FBI Investigations (Forbes) FBI files dating back to 2012 leaked by the Oklahoma Securities Commission. Cybersecurity researchers warn of a major compromise of sensitive government data.

Trisis investigator says Saudi plant outage could have been prevented (CyberScoop) A researcher who responded to the attack on Saudi petrochemical plant says the initial incident was not thoroughly investigated.

Fake editions of The Washington Post handed out at multiple locations in D.C. (Washington Post) The print papers were filled with anti-Trump stories, which also appeared on a website that mimicked the official Post site.

An Astonishing 773 Million Records Exposed in Monster Breach (WIRED) Collection #1 appears to be the biggest public breach yet, with millions of unique passwords sitting out in the open.

Out of Commission: How the Oklahoma Department of Securities Leaked Millions of Files (UpGuard) A storage server configured for public access exposed millions of files belonging to the Oklahoma Securities Commission.

Inadvertent Exposure of Archived Data (Oklahoma Department of Secuirties) The Oklahoma Department of Securities (ODS) has initiated a comprehensive review of the circumstances surrounding an incident involving the inadvertent exposure of information during installation of a firewall.

New Magecart Attack Delivered Through Compromised Advertising Supply Chain (TrendLabs Security Intelligence Blog) We looked into Magecart's latest online skimming activity: injecting malicious code to the JavaScript library of a third-party advertising network.

Now That's Fake News: The Ironic Reason Activists Handed Out Phony Washington Post Newspapers (Fortune) "Unpresidented" read one headline about Donald Trump's supposed resignation from office.

Anti-Trump Activists Defend Fake-Washington Post Stunt (WIRED) Protesters have created satirical newspapers before, but the tactic comes with more baggage in the era of fake news.

LoJax: Fancy since 2016 (NETSCOUT Threat Intelligence) In May of last year, ASERT Researchers reported on LoJax, a double-agent leveraging legitimate software to phone home to malicious command and control (C2) servers. Since the publication of our research, we’ve monitored a number of new malware samples and additional research we believe Fancy Bear (APT28) operators use as part of their toolkit.

Hackers Can Abuse Legitimate Features to Hijack Industrial Controllers (SecurityWeek) Hackers can abuse legitimate features present in industrial controllers to hijack these devices and gain a foothold in a network, a researcher warns.

Your Garage Opener Is More Secure Than Industrial Remotes (BankInfo Security) Radio controllers used in the construction, mining and shipping industries are vulnerable to hackers, Trend Micro says in a new report. To address the issue,

Attacks Against Industrial Machines via Vulnerable Radio Remote Controllers: Security Analysis and Recommendations (Tend Micro) Radio frequency (RF) technology is being used in operations to control various industrial machines. However, the lack of implemented security in RF communication protocols could lead to production sabotage, system control, and unauthorized access.

A Security Analysis of Radio Remote Controllers for Industrial Applications (Trend Micro) Radio frequency (RF) remote controllers are widely used in manufacturing, construction, transportation, and many other industrial applications. Cranes, drills, and miners, among others, are commonly equipped with RF remotes. Unfortunately, these devices have become the weakest link in these safety-critical applications, characterized by long life spans, high replacement costs, and cumbersome patching processes. Given the pervasive connectivity promoted by the Industry 4.0 trend, we foresee a security risk in this domain as has happened in other fields.

NanoCore Trojan is protected in memory from being killed off (ZDNet) If you are infected with this malware, you might find it is more difficult to eradicate than standard Trojans.

.Net RAT Malware Being Spread by MS Word Documents (Fortinet Blog) Fortinet’s FortiGuard Labs captured a malicious MS Word document from the wild that contains auto-executable malicious VBA code that can spread and install NanoCore RAT software on a victim’s Windo…

Million damage: Criminals extort companies with new malicious software (Insider) The Federal office for information security (BSI) warns strongly against a young, but dangerous pest – the comes across an old acquaintance. The Malware will download other Trojan, and can then cause in a corporate network, a lot of damage.

Ryuk ransomware poses growing threat to enterprises (SearchSecurity) Research from CrowdStrike and FireEye refute reports that North Korea is behind the Ryuk ransomware, and CrowdStrike said Russian-speaking cybercrime group known as Grim Spider is behind the attacks on enterprises.

Cryptomining Malware Uninstalls Cloud Security Products (Threatpost) New samples of cryptomining malware performs a never-before-seen function: uninstalling cloud security products.

The Rise and Fall of Ashiyane - Iran's Foremost Hacker Forum (SecurityWeek) A new from Recorded Future looks at the rise and fall of Ashiyane -- Iran's first and foremost security forum -- and its figurehead, Behrooz Kamalian.

Lockheed Martin executive: Reported Navy hack did not impact Aegis Common Source Library (InsideDefense.com) A recently reported hack of Navy contractors did not affect Lockheed Martin's Aegis Common Source Library, according to a company executive.

I can get and crack your password hashes from email (CSO Online) Malicious hackers can use a simple trick to get your Windows computer to authenticate to a remote server that captures your password hash — just by sending you an email. Take these steps to test for the vulnerability.

ThinkPHP Exploit Actively Exploited in the Wild (Akamai) While investigating the recent Magecart card skimming attacks, I came across a payload I was not familiar with. Further research into it lead me to discover that in December a researcher disclosed a remote command execution vulnerability in ThinkPHP, a...

Decrypted Telegram bot chatter revealed as new Windows malware (TechCrunch) Sometimes it take a small bug in one thing to find something massive elsewhere. During an investigation recent, security firm Forcepoint Labs said it found a new kind of malware that was found taking instructions from a hacker sending commands over the encrypted messaging app Telegram . The researc…

Be Careful Using Bots on Telegram (WIRED) Introducing a bot to a secure Telegram conversation downgrades the level of encryption—without providing any visual cues.

Google Play Apps Drop Anubis Banking Malware, Use Motion-based Evasion Tactics (TrendLabs Security Intelligence Blog) Malicious apps on Google Play were trying to drop the Anubis banking malware on unsuspecting users. They were also using an innovative new evasion tactic.

Are you sure those WhatsApp messages are meant for you? (Naked Security) Abby Fuller got a shock when she logged into WhatsApp using a new telephone number. She found someone else’s messages waiting for her.

More .gov Domains Hit by Government Shutdown (SecurityWeek) The number of US government domains for which security certificates were left to expire due to the government shutdown has exceeded 130. One impacted domain belongs to the White House.

Government Shutdown Puts U.S. at Major Hacking Risk, Cybersecurity Experts Warn (Fortune) "We have laid out the welcome mat to any and all nefarious actors."

Analysis | The Cybersecurity 202: Government cyber workers increasingly concerned hackers will strike during shutdown (Washington Post) A furloughed worker says a bare-bones staff isn't enough.

Security Patches, Mitigations, and Software Updates

Oracle Critical Patch Update - January 2019 (Oracle) A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes.

Intel patches another security flaw in SGX technology (Naked Security) Of the six advisories Intel released last week, the most interesting is a flaw discovered in the company’s Software Guard Extensions (SGX).

Cyber Trends

WEF: Cyber Attacks a Major Global Risk for Next Decade (Infosecurity Magazine) Annual report reveals continued concerns over online theft and disruption

2019 Study on America’s Relationship with Cybercrime (ERP Maestro) Years ago, theft concerned one of two things: money or property. In the digital age, lines have blurred.

IoT Security Is (Still) a Gigantic Mess (PCMAG) Over half of companies still can't detect Internet of Things breaches, and a majority of consumers fear a lack of privacy with IoT devices, according to Gemalto's State of IoT Security report.

Marketplace

Filling the Growing Cyber Workforce Gap (SIGNAL Magazine) Rob Joyce, senior cyber advisor to the director, NSA, tells attendees at CERTS that there needs to be systemic changes to fill the cyber talent gap.

Analysis | The Cybersecurity 202: A bump in Washington-area cyber startups could bring new blood to government (Washington Post) Venture capital funding for D.C. cyber firms is up 50 percent since 2015.

Why You Should Consider the NSA’s Commercial Solutions for Classified Program (Technology Solutions That Drive Government) The program certifies commercial tools defense and intelligence agencies can use to build encrypted networks and helps streamline IT footprints.

Marriott looks to reboot loyalty plan after cyber attack (Channel NewsAsia) Marriott International Inc on Wednesday unveiled a new brand name for its loyalty programs, as the hotel chain looks to rebuild its image ...

FBI Awards Salient CRGT $40M Cyber Contract | WashingtonExec (WashingtonExec) The FBI has awarded Salient CRGT a $40.1 million prime contract for cybersecurity services, the company announced. Under the task order, awarded under the

These 3 software companies are good bets during a slowdown, says Morgan Stanley (CNBC) Morgan Stanley highlights three software stocks that can outperform even during a "slowing macro environment," thanks in part to a focus on recurring revenue streams.

ExtraHop Blows Past the $100 Million Milestone Fueled by 10x Growth in Security (ExtraHop) Enterprise Security Analytics Company Poised for a Breakout 2019 with Continued Innovation, GTM expansion, and a Spate of Industry Recognition

CenturyLink Adds Singapore to Global Security Operations Center Footprint (MediaRoom) As the global threat landscape continues to increase in size and complexity, so does the number of add-on security solutions designed to address these challenges. In response, enterprises around...

Thales and Wales Partner to Build £20 Million National Digital Centre (Computer Business Review) The Welsh government has entered into a partnership with French technology and security company Thales Group to deliver a cyber research...Thales and Wales

BAE Systems to open office in expanded Georgia cyber centre (Jane's 360) BAE Systems has announced that it plans to lease an office within the Georgia Cyber Center in Augusta, which has just been expanded to encourage more companies to invest in the growing industry within the US state. The company said that by locating itself at the centre, which boasts having received

Noblis Names Rich Jacques Vice President of Intelligence (Benzinga) Noblis, Inc., a leading provider of science, technology, and strategy services, is pleased to announce that Rich Jacques has...

Deep Instinct Continues Momentum in ANZ With New Hires and Business Wins (BusinessWire) Deep Instinct, the first company to apply deep learning to cybersecurity, today announced the company’s continued growth, expansion and investment in

Products, Services, and Solutions

Cofense Launches MSSP Program to Provide Essential Phishing Defense Capabilities to Small and Midsized Businesses (PR Newswire) Today Cofense™, the leading provider of human-driven phishing defense solutions world-wide, launched its Managed...

Pulse Secure launches new vADC Community Edition to help developers build smarter applications for container and cloud platforms (GlobeNewswire News Room) Free to use virtual Application Delivery Controller (vADC) software offers a robust, agile platform for software developers with seamless transition into production environments

Cybeats Releases IoT Security App on Palo Alto Networks Framework (SDxCentral) The Cybeats IoT Radar app provides internal defense, monitoring, and lifecycle management directly to IoT devices.

Gemalto to Produce Secure and Innovative Healthcare Cards for Quebec (BusinessWire) Gemalto (Euronext NL0000400653 - GTO), the world leader in digital security, and the Société de l'assurance automobile du Québec (SAAQ) have been chos

Technologies, Techniques, and Standards

Why it's So Hard to Implement IoT Security (SecurityWeek) IoT security is a tough challenge — involving everything from hard to implement standards; hard to reach industrial components; and choices on how to integrate security around both older “brownfield” and newer IoT systems and equipment.

In the Era of Electronic Warfare, Bring Back Pigeons (War on the Rocks) On April 16, 1919, the troop transport Ohioan docked at Hoboken, New Jersey. Among the various disembarking members of the American Expeditionary Forces

Building your forensic analysis toolset (CSO Online) Every security team should have these types of digital forensics tools available. Many are free, and there are enough options to find one that suits your skills and approach.

Threatpost Survey Says: 2FA is Just Fine, But Go Ahead and Kill SMS (Threatpost) Our reader poll showed overwhelming support for 2FA even in the wake of a bypass tool being released — although lingering concerns remain.

Design and Innovation

Siemens is beating hackers at their game   (Manufacturers' Monthly) Siemens’ cybersecurity experts are taught to “think like a hacker” as a means to stay ahead of an ever-growing number of cyberattacks.

Facebook's '10 Year Challenge' Is Just a Harmless Meme—Right? (WIRED) Opinion: The 2009 vs. 2019 profile picture trend may or may not have been a data collection ruse to train its facial recognition algorithm. But we can't afford to blithely play along.

Three quarters of Facebook users unaware of how much it knows about them (The Telegraph) Most Facebook users don't realise how much Facebook knows about them and are uncomfortable with it when they find out, research suggests.

Research and Development

DARPA awards GrammaTech $8.4m for autonomous cyber hardening technology (New Electronics) GrammaTech, a developer of commercial embedded software assurance tools and advanced cybersecurity solutions, has been awarded a $8.4 million, 4-year contract from Defense Advanced Research Projects Agency (DARPA), an agency of the US Department of Defense.

Academia

Stephenson Technologies launches cybersecurity partnership with Israeli firm (Baton Rouge Business Report) LSU’s applied research corporation Stephenson Technologies is partnering with Israel-based Check Point Software Technologies to develop cybersecurity training programs.

Legislation, Policy, and Regulation

Polish PM urges allies to spend more on cybersecurity (Polskie Radio dla Zagranicy) Poland’s prime minister on Wednesday urged allies to increase spending on cyber security, a news agency reported.

Polish Prime Minister Urges Allies to Beef Up Cybersecurity Budgets (Atlantic Council) Polish Prime Minister Mateusz Morawiecki on January 16 called for a collective Western response to cyber threats while urging allies to increase spending on cybersecurity. “I call on you today and encourage your leaders and governments to spend...

US cyber commander warns countries to ‘wise up’ over the threat of cyber attacks (First News) A former Commander General in the United States Cyber Command (USCYBERCOM) has said that tougher regulations are needed by countries to combat cyber attacks.

Sweden to train 'cyber soldiers' during military service (The Local) The Swedish Armed Forces will increase the number of military conscripts from next year, and for the first time will train 'cyber soldiers' to defend the country from possible cyber attacks.

China’s first steps before going to battle (C4ISRNET) A new report released by the Defense Intelligence Agency explains why the Chinese military could target command and control systems before any conflict begins.

3 ways China’s military could use cyber in war (Fifth Domain) A new report articulates how China might use cyber capabilities during a conflict.

U.S. official cautions Israel over Chinese investments (Reuters) A U.S. official cautioned Israel on Wednesday over investments from China, citin...

China calls proposed U.S. legislation against Huawei, ZTE 'hysteria' (U.K.) China's Foreign Ministry said on Thursday that proposed U.S. legislation ta...

U.S. legislation steps up pressure on Huawei and ZTE, China calls... (Reuters) A bipartisan group of U.S. lawmakers introduced bills on Wednesday that would ba...

Cotton, Van Hollen, Gallagher and Gallego Introduce Bill to Impose Denial Orders on Chinese Telecom Companies That Violate U.S. Sanctions (Senator Tom Cotton) Senator Tom Cotton (R-Arkansas), Senator Chris Van Hollen (D-Maryland) and Representatives Mike Gallagher (R-Wisconsin), Ruben Gallego (D-Arizona) introduced the bipartisan Telecommunications Denial Order Enforcement Act to direct the President to impose denial orders banning the export of U.S. parts and components to Chinese telecommunications companies that are in violation of U.S. export control or sanctions laws.

Joe Lieberman Called Chinese Telecom Giant ZTE a National Security Threat. Now He’s a Lobbyist for It. (The Daily Beast) The former senator says he can better serve his new client precisely because he was once a critic.

How the US Chooses Which Zero-Day Vulnerabilities to Stockpile (Dark Reading) When it comes to acceptable circumstances for government disclosure of zero-days, the new Vulnerabilities Equity Process might be the accountability practice security advocates have been waiting for.

Litigation, Investigation, and Law Enforcement

Federal Prosecutors Pursuing Criminal Case Against Huawei for Alleged Theft of Trade Secrets (Wall Street Journal) U.S. prosecutors are pursuing a criminal investigation of China’s Huawei Technologies for allegedly stealing trade secrets from U.S. business partners.

Huawei Connection: The Trail of Documents (Security Boulevard) News of additional Huawei bad behavior, via Steve Stecklow, Babak Dehghanpisheh, James Pomfretall (and additional reporting by Nadia El-Gowely, Bozorgmehr Sharafedin and Shadia Nasralla) all writing for Reuters, exposes the questionable activities of Huawei in Iran and Syria and detailed in documents now held by US law enforcement authorities. Bad behavior, indeed.

Barr hearing: Feinstein says she won’t vote for attorney general nominee unless he promises to release Mueller report (Washington Post) The comment from the Senate Judiciary Committee’s top Democrat came on the second day of William Barr’s confirmation hearing.

Trump Must Be a Russian Agent; the Alternative Is Too Awful (WIRED) We know a lot about the “what” of the Mueller probe’s findings. The crucial questions now focus on the “why.”

Rick Gates Tells Mueller About Trump Team's Dealings With Israeli Intelligence Firm (The Daily Beast) Psy Group delivered plans for ‘social media manipulation’ in 2016 and the special counsel is digging in as part of his probe into Mideast influence.

Republican Committee Leaders Probe Wireless Carriers and Third Parties Over Location Sharing Practices (Energy and Commerce Committee) House Energy and Commerce Committee leaders today sent letters requesting information from six companies about the sale and misuse of cell phone geolocation data. The letters were sent to Zumingo, Microbilt, T-Mobile, AT&T, Sprint, and Verizon. The letters seek to increase transparency surrounding how U.S. wireless carriers and third parties are accessing, …

Sprint to Stop Selling Location Data to Third Parties After Motherboard Investigation (Motherboard) After AT&T and T-Mobile said they would stop selling their customers’ phone location data to third parties, Sprint followed suit. A Motherboard investigation found all three telcos selling data that ultimately ended up in the hands of bounty hunters.

IG Cites Several Cybersecurity Concerns for the NSA (Meritalk) On Tuesday, the Office of the Inspector General (OIG) released a semi-annual report of the National Security Agency (NSA) to Congress that cited several security concerns for the agency’s technology and data.

“Stole $24 Million But Still Can’t Keep a Friend” (KrebsOnSecurity) Unsettling new claims have emerged about Nicholas Truglia, a 21-year-old Manhattan resident accused of hijacking cell phone accounts to steal tens of millions of dollars in cryptocurrencies from victims.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

National Security Technology Forum and Exposition (NSTFX) (San Diego, California, USA, February 12, 2019) AFCEA International and the University of California, San Diego are proud to host a new and innovative event entitled “The National Security Technology Forum and Exposition (NSTFX)”. NSTFX will bring...

(ISC)² Secure Summit DC (Washington, DC, USA, April 23 - 24, 2019) (ISC)² Secure Summit DC evolved to assemble the best minds in cybersecurity for two days of insightful discussions, workshops and best-practices sharing. The goal of our event is to equip security leaders...

National Cyber Summit (Huntsville, Alabama, USA, June 4 - 6, 2019) National Cyber Summit is the nation’s most innovative cyber security-technology event, offering unique educational, collaborative and workforce development opportunities for industry visionaries and rising...

Upcoming Events

CPX Asia 360 2019 (Bangkok, Thailand, January 21 - 23, 2019) CPX 360 - the industry’s premier cyber security summit and expo - brings together the world’s leading cyber security experts to one venue. Gain a deep understanding of current challenges cyber security...

CPX Americas 360 2019 (Las Vegas, Nevada, USA, February 4 - 6, 2019) CPX 360 promises to be the premier cyber security summit. CPX 360 is where you’ll receive up-to-the-minute intelligence about global threats and other vital topics from the world’s leading cyber security...

QuBit Conference Belgrade 2019 (Belgrade, Romania, February 7, 2019) QuBit is a Cybersecurity Community Event connecting the East and West. We create a unique way to meet the best and the brightest minds in the information security fields across multiple industries, and...

NITSIG Meeting: Insider Threat Detection & Mitigation Using External Data Sources (Laurel, Maryland, USA, February 12, 2019) Gathering and analyzing Internal data sources is very important for Insider Threat Detection. Equally important is knowing what External data sources are also available to create the "Big Picture" of potential...

National Security Technology Forum and Exposition (NSTFX) (San Diego, California, USA, February 12, 2019) AFCEA International and the University of California, San Diego are proud to host a new and innovative event entitled “The National Security Technology Forum and Exposition (NSTFX)”. NSTFX will bring...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.