Facebook and Twitter bosses could be jailed in Britain for Data Privacy

If those heading companies like Facebook and Twitter fail to protect their user data in Britain, then there is a chance that they might be sentenced to a jail term for a specific period in the year 2020.

Yes, this is what is going to be brought up by the government of the UK early this year and the bill is said to help regulate social media in the UK.

In January 2020 the government of the UK will publish its response about the bill after consulting a few more issues with the think tanks and will issue a regulatory for the social media companies to follow if they want to continue doing business in the UK after Brexit.

And as a part of the regulatory, the tech giant bosses need to follow some rules or face penalties or even a prison sentence if they fail to go by the statutory guidelines monitored by Britain’s Ofcom.

News is out that any data breach will make the senior management of tech companies liable for prosecution under which they can be sentenced to a 10-40 day imprisonment statement if their company fails to protect user data.

Furthermore, all technology firms like Facebook, Twitter, and Google will be asked to appoint a director who has to be based in Britain and will be accountable to all data breaches.

Currently, tougher measures such as blocking sensitive content to a certain section of internet users or an entire region have been sidelined due to reasons. However, censoring X-rated content, especially that which encourages crimes against children and content which puts a dent to national security will be manifested.

The post Facebook and Twitter bosses could be jailed in Britain for Data Privacy appeared first on Cybersecurity Insiders.

January 01, 2020 at 10:32AM

Read More

Cloud Security confidence surging up says Barracuda Networks

As more and more companies are making a quick approach towards public cloud, security has become a prime concern to them. However, the confidence is growing says a survey conducted by Barracuda Networks after it took responses from over 850 security professionals.  

 

Barracuda Survey on Cloud Security states that 44% of its respondents were confident that their cloud security platforms were secure enough to block or thwart any cyber intrusions. While 33% of them felt that their on-premise data centers were more secure than public cloud platforms as cloud adoption needs hiring skilled labor which might prove burdensome for businesses who are struggling to make profits in this competitive driven age.

 

Barracuda discovered that 47% of respondents were facing a shortage of Cybersecurity skills and so delayed or dropped the plan of adopting cloud platforms for their on-premise workloads.

 

Another 42% felt that cloud environments were complex and so it was tough to gain visibility into them.

 

Now to those firms which are vying to make a mark in the cloud world, end-users need to have an awareness training module when it comes to compliance, visibility, and cloud security. Also, they need to understand the fact that the supply of skilled staff is not as per the demand and in this situation building trust among the users is not that easy.

 

Note- Barracuda Networks offers products related to security, networking, and storage over network or cloud. Its products related to data backup and protection is renowned in the tech industry.

 

The post Cloud Security confidence surging up says Barracuda Networks appeared first on Cybersecurity Insiders.

January 01, 2020 at 10:29AM

Read More

Why CJIS mobile compliance might be easier than you think

Guest blog By Andrew King, AT&T Global Account Director, MobileIron
Although we just wrapped up National Cybersecurity Awareness Month in October, security professionals never take a break — because cybercriminals don’t either. That’s especially true for folks who work in law enforcement. Every day they are on the front lines helping to protect the public and solve crimes using Criminal Justice Information (CJI) such as crime reports and fingerprints. Protecting this information is extremely important, which is why Criminal Justice Information Services (CJIS) was created in 1992 to outline best-practice security requirements.
You may already know about CJIS, but did you also know that CJIS guidelines include a section about mobile device security?
This section outlines recommendations that various agencies can use to meet CJIS compliance and prevent data from falling into the wrong hands. Although agencies can follow a number of steps to…

Posted by: Andrew King

Read full post

      

The post Why CJIS mobile compliance might be easier than you think appeared first on Cybersecurity Insiders.

January 01, 2020 at 09:09AM

Read More

The Bitglass Blog

This city in North America, a hub for financial services, is in the midst of their digital transformation to the cloud.  With apps and data moving to the cloud, users could access sensitive data from any device, anywhere. The incumbent firewall vendor pushed hard for the city to deploy more firewall appliances, with VPN agents and Firewall-as-a-Service to enable mobility.

The post The Bitglass Blog appeared first on Cybersecurity Insiders.

December 31, 2019 at 09:09PM

Read More

Microsoft Windows experiences Cyber Threat from North Korea Thallium

Microsoft Digital Crimes Unit (DCU) has confirmed that a North Korean hacking group code-named as Thallium by Microsoft researchers is targeting windows loaded systems of well-known celebrities which includes University staff, political think tanks, those operating nuclear grids, as well as activists working for world peace and human rights.

The DCU of Microsoft says that the cyber threat persists from Advanced Persistent Threat(APT) hacking group shortly known as APT37 and only seen targeting Windows machines operating in United States, Japan, and North Korea.

Tom Burt, the Corporate Vice President of Customer Security and Trust, Microsoft has confirmed the news in a statement released on the official blog of December 30th,2019.

Burt added that Thallium is into multiple hacking activities which include targeting user credentials, implanting malware into computer networks to steal and exfiltrate data, and encrypting files on the victimized computer through ransomware or hibernating in the background till further instructions are activated by the said hacking group.

The good news is that Microsoft has taken control of over 50 domains held by Thallium to conduct malevolent cyber operations and has neutralized them on a permanent note. A report on the issue was submitted to the US district court last week which specified that Thallium victimized thousands of the people through spear-phishing attacks.

Microsoft’s Tom Burt stated that more work has to be done like raising awareness campaigns on what has been done so far to tackle cyber attacks and what still needs to be done proactively.

The post Microsoft Windows experiences Cyber Threat from North Korea Thallium appeared first on Cybersecurity Insiders.

December 31, 2019 at 08:39PM

Read More

2019 Worst Cyber Attacks

The year 2019 is soon going to be the past as in a few hours; the world is all set to ring into the year 2020 with a grand celebration. Coming to the cyber world, the year witnessed a lot of cyber attacks on public and private entities and some of the worst cyber attacks of 2019 are listed as below-

 

Ecuador Cyber Attack- A cyber attack on a database storing personal info of the Ecuadorian populace is said to have leaked sensitive info of more than 20 million populace which includes the data of their respective president Julian Assange- the Wikileaks founder who is now seeking asylum in an Asian nation. News is out that VPNMentor acted as a central hub for the data leak and the leaked info includes details of Ecuadorian National Bank, Ecuadorian Government Registers and a well-known automobile firm.

 

Data Leak of First American Corporation– Over a three-quarter billion mortgage deal documents in digital form was accessed by hackers when they’ve launched a cyber attack on the database of First American Corporation. And the breached data includes tax records, social security numbers, digital transaction receipts, driver’s license images, and bank account numbers. It is estimated that the hackers could have gained access to more than 885,000,000 files dating back to 2003-2004 and could have copied down the info as the database lacked a proper authentication procedure.

 

Oklahoma Department of Securities witnessed a breach in the current year as more than a million files related to several FBI investigations were accessed by hackers. According to a resource from UpGuard, the hackers could have breached into storage servers which had data stored on it since 1986. Reports are in that the federal firm failed to secure the data behind an efficient firewall which allowed the hackers to steal records via rsync service.

 

Trendmicro data breach- Trendmicro which is a Cybersecurity firm was left embarrassed in mid this year when hackers invaded its database to steal names, email addresses, support ticket numbers, and some contact details. And what’s interesting in this whole saga is that the firm came to know about the data breach when some of its customers started to complain about receiving phony calls from people claiming to be employees of Trend Micro. Prima Facie revealed that the hacker/the hacking group might have sold the details to the 3rd party and so tracking the culprits has become tedious.

 

Flipboard cyber attack- This year, news aggregating online website Flipboard experienced two cyber attacks. The first one was identified at the end of March’19 when the IT staff of the web services provider identified a data breach which took place between June 2nd, 2018 to March 23, 2019. The second attack took place between April 21st, 2019 and ended on April 22nd, 2019. As the news app was serving over 150,000,000 users, Flipboard estimates that the data breach could have impacted almost all its users. Later some noted media resources reported that Flipboard’s data breach where names, email addresses, and user names were leaked happened because the company used weak encryption algorithms while protecting user data.

 

Facebook data breach- The year 2019 proved embarrassing to the social media giant Facebook as the company hit the news headlines for having more than 540 million of its records leaked to hackers. Later on, a probe launched by Mark Zuckerberg’s company said that the information leak took place after a server related to Cultura Colectiva’s app was infiltrated by sophisticated hackers.

 

Fortnite app data breach– Popular gaming app Fortnite admitted that vulnerability in its website could have allowed hackers to take over any account and eavesdrop on a player’s activity with ease. The gaming website said that the vulnerability could have impacted over 200,000,000 accounts where the in-game currency holding was also found to be at threat.

The post 2019 Worst Cyber Attacks appeared first on Cybersecurity Insiders.

December 31, 2019 at 10:25AM

Read More

Kaspersky predicts that the year 2020 will witness cyber attacks on Investment apps

Russian Cybersecurity firm Kaspersky has given a 2020 prediction in which it stated that the apps related to investment, banking, financial data processing, and cryptocurrencies will be most vulnerable to cyber-attacks.

“As hacks on financial apps lead the hackers to potential financial gains they are being treated as most vulnerable in the coming year,” Kaspersky noted.

And as mobile-based investment apps are becoming increasingly popular, software applications that lack basic security features such as 2FA or multi-factor authentication are predicted to be increasingly targeted in the New Year 2020.

Kaspersky also estimates that the year 2020 will witness a trend where hackers will sell data related to network access to banks located in African and Asian regions. And the targets will most likely be small financial institutes and those companies which are about to be acquired by large scale enterprises.

Cryptocurrency platforms such as exchanges and e-wallet firms will also become soft targets to sophisticated hackers say the researchers from Kaspersky.

Furthermore, the upcoming year will also see a surge in cyberattacks on healthcare industries as many of the healthcare organizations are not showing any emphasis on protecting medical records, and in securing medical devices.

The Anti-malware solutions provider states that those heading the technology in the corporate world should pay attention to cloud infrastructure and also address growing risks of insiders accessing their networks. Also, telecom companies across the world, which are going for a 5G network transformation at the start of 2020, should start assessing and addressing the risks in advance, before it’s too late.

The post Kaspersky predicts that the year 2020 will witness cyber attacks on Investment apps appeared first on Cybersecurity Insiders.

December 31, 2019 at 10:21AM

Read More

Should cities pay a ransomware demand?

UPDATE: In a “ripped from the headlines” moment, we have real world confirmation of the growing risk discussed in this article. Breaking news over the weekend revealed that both the city of New Orleans and New Jersey’s largest hospital network are in the midst of dealing with serious ransomware attacks.
When you hear about data breaches and cyberattacks in the news, it’s usually in connection with a large company and has affected users across the globe. But that gives the impression that hackers only target huge enterprises when planning their next attack. The truth is just the opposite.
Because small organizations, like city and town governments, are forced to work with tight IT budgets but still need to comply with all rules and regulations, they often can’t afford to hire cybersecurity experts or invest in expensive software solutions. Hackers know this and focus their…

Posted by: Sam Bocetta

Read full post

      

The post Should cities pay a ransomware demand? appeared first on Cybersecurity Insiders.

December 31, 2019 at 09:10AM

Read More

IT Services provider Synoptek hit by Ransomware

California based IT services provider Synoptek has become a victim of a ransomware attack which has impacted thousands of its customers nationwide. And sources report that the file-encrypting malware might have entered the network early this month and locked down the files from December 23rd of this year.

What’s interesting in this malware saga is the fact that the IT staff of Synoptek did not want to take any kind of risks in the Christmas season and so bowed down to the demands of hackers by paying them a stipulated sum in the form of cryptocurrency.

According to the website, Synoptek is a Managed Service Provider (MSP) that offers cloud-based IT services to more than 1100 customers across various business segments like financial companies, healthcare, local governments, manufacturing, media, automobile, and software sectors.

Synoptek has released a press statement confirming the incident. But did not reveal anything about its ransom payment and remediation efforts.

Releasing a press update to CRN, Synoptek CEO Tim Britt revealed that the “holiday attack” did affect over 1,178 customers. But the incident was contained in time and the data was cent percent restored by December 26th,2019.

Prima Facie says Sodinokibi Strain Ransomware was used to encrypt files on the database of Synoptek. And a fair amount of ransom was demanded in exchange for the decryption key.

Note 1- Sodinokibi Ransomware was the malware that hit over 22 municipalities in Texas.

Note 2- Synoptek was purchased by a private equity firm called Sverica Capital Management in Nov’15. And since then the company which is still running on its registered name has acquired almost 4 companies like FusionStorm, EarthLink, Indusa and Dynamic Resources.

The post IT Services provider Synoptek hit by Ransomware appeared first on Cybersecurity Insiders.

December 30, 2019 at 08:45PM

Read More

5G is coming, are you prepared?

5G technologies and networks are bringing exciting new possibilities for the enterprise. Many organizations are taking a proactive stance by anticipating the security requirements that will come with the new technology. Given the multifaceted nature of 5G and security, it’s critical for organizations to understand the magnitude of this undertaking. 
You can check out a recent blog with some of the results of a recent study we conducted with 451 Group: AT&T Cybersecurity Insights™ Report: Security at the Speed of 5G. But wouldn’t a webinar be more fun? Great news – one is coming up soon: Wednesday December 4th at 12:00 PM CST.
In the webinar, we’ll cover: 
• How 5G will transform the network with such things as Multi-edge Computing (MEC) and IoT 
• Where 5G may present new security challenges and where it offers security benefits with a…

Posted by: Tawnya Lancaster

Read full post

      

The post 5G is coming, are you prepared? appeared first on Cybersecurity Insiders.

December 30, 2019 at 09:10PM

Read More

Kaspersky Free Antivirus now becomes a Cloud Security profile

Kaspersky, the Russian Cybersecurity firm has made it official that its much popular Free Antivirus has now been directed as Kaspersky Security Cloud which will be more advanced and will maintain all the flagship features which the previous basic security solution lacked to the core.

Kaspersky Security Cloud will be offering its customers a freeware license along with some advanced protection engine with extra capabilities like keeping a tab on any compromised account data and a password manager to secure the account and encrypts the data of the user to & fro via VPN- with limited traffic access.

As expected more advanced features will be available in the paid license format available for a premium.

Technically speaking, the Kaspersky Security Cloud was launched in Aug’18 and was being offered since then as a parallel cloud security product alongside Kaspersky Free Antivirus. From now onwards, the availability of the free antivirus will be barred and only the cloud solution will be available in the form of an application.

Those users who have been using the old version will receive the regular security updates – at least for the next few months. But all new users will have to go for the cloud security solution aimed at Windows OS and also the mobile version users of iOS and Android.

Note- In March 2015, a news article in Bloomberg, accused the Anti Virus giant of having close ties with the Russian military and intelligence. And in August 2015 this speculation strengthened further when the US NSA and the UK’s GCHQ confirmed that the antivirus giant was spying on its users and was transmitting data to remote servers located in Russia. However, CEO Eugene Kaspersky denied all these allegations as baseless.

The post Kaspersky Free Antivirus now becomes a Cloud Security profile appeared first on Cybersecurity Insiders.

December 30, 2019 at 10:31AM

Read More

Ireland outlines the new Cybersecurity Strategy to bolster its stand against Cyber Crime

Ireland has come up with a new Cybersecurity strategy which enables it to strengthen its stand against cybercrime with sophisticated standards and protections. Minister for Communications Richard Bruton said that his country has recognized cyber attacks as risks affecting the economy and governance and so has outlined best-practice standards meant to respond to such incidents efficiently and quickly.

“As the onus lies on the government to protect the nation’s telecom infrastructure, electricity systems and energy grids against cyber attacks, the new national cyber strategy is aimed to meet all demands and will be in respect to the international information standards”, said Bruton.

As it happens to emerge into a big business sector, it will also offer a lot of employment and work opportunities which in turn paves the way to the growth of the Irish economy added Richard Bruton.

According to a survey, cyber crimes have increased by 61% on Irish Businesses and it is estimated that in the last two years the businesses have suffered a £3.1 million loss via cybercrime.

A report published by the Comptroller and Auditor General last October has estimated a funding rise from £900,000 in 2016 to £4 Million in 2019. However, these figures did not an endorsement from the National Cyber Security Center as it needs a bit of research in terms of staff and technology.

The post Ireland outlines the new Cybersecurity Strategy to bolster its stand against Cyber Crime appeared first on Cybersecurity Insiders.

December 30, 2019 at 10:29AM

Read More

Ransomware attack on Maastricht University of Netherlands

The Maastricht University of Netherlands is reported to have become a victim of a ransomware attack on Tuesday this week and officials have pulled down all IT systems offline to contain the damage due to the cyber incident.

The file-encrypting based malware cyberattack was acknowledged on the website and the authorities from the educational institute have assured that the scientific data was unaffected by the ransomware. But have also confirmed on the same note that restoration of data might take several days.

Gert Van Doorn the spokesperson of the University confirmed the incident and said that the attack disrupted the email systems very badly.

An official statement released by the educational institute released a few hours ago has confirmed that the ransomware attack took place on DHCP servers, exchange servers, domain controllers and network drives deteriorating the service responders even further.

Cybersecurity Insiders has learned that Clop Ransomware which was discovered in Feb’19 was the culprit behind the disruption and is somehow related to CryptoMix Ransomware.

Technically speaking, the developers of Clop Ransomware have devised it in such a way that it encrypts a complete computer network instead of on individual workstations. And as soon as the malware infiltrates the network, it quickly locks down the files from access with a “.clop extension”. And a pop message detailing an email address and the instructions related to payment are then made available on the unencrypted document.

Clop Ransomware is having a history of infecting only Microsoft Windows systems by surpassing the windows defender and shuts down important processes like Microsoft Office before blocking data recovery attempts.

And another important note is that there is no decryptor available for the victims of Clop.

The post Ransomware attack on Maastricht University of Netherlands appeared first on Cybersecurity Insiders.

December 27, 2019 at 08:34PM

Read More

Florida Pensacola Maze Ransomware hackers release 2GB data on the internet

In a surprising move, the hackers who launched a Maze Ransomware attack on Pensacola city of Florida have released 2GB of data on the internet to prove the point that they have not encrypted only a few files unlike reported in the media and have enough to make money from the dark web.

 

Going by history, a ransomware attack that took place on the City of Florida early this month disrupted the services related to emails and phones and 311 customer services to a certain extent. 

All online payment services from Pensacola Energy and City of Pensacola Sanitation Services were halted. But the Police, Fire, and other public safety services weren’t affected by the cyber attack.

 

A source from tech resource Bleeping Computer says that the Maze Ransomware attack which took place on Pensacola City of Florida on December 7th, 2019 had the hackers have access to over 32GB of data. On Tuesday they released around 2GB of data filled files to prove to the media that they have enough to make money by selling the data on the dark web.

 

All that they are demanding is a $1 million ransom to free up the data from file-encrypting malware.

 

It is still unclear whether the hackers/hacking group intends to release more data to the internet if the authorities at the Pensacola play do not pay heed to their demands.

 

Note- Some hackers are now developing file-encrypting malware these days such as Maze which has the feature of first transmitting the files to remote servers and then locks down the system’s database from access.

 

The post Florida Pensacola Maze Ransomware hackers release 2GB data on the internet appeared first on Cybersecurity Insiders.

December 27, 2019 at 10:43AM

Read More

Cybersecurity advice on How to buy Smart Toys

As this Christmas season the sales of smart toys doubled from last year, security analysts are worried that it might put the children/users at risk as strangers can contact the smart toy owners through various security flaws.

Well, as manufacturers are being constantly urged by governments to improve the cyber hygiene of their devices before they put them on sale, only a few seem to be listening.

As nothing much can be done from the manufactures side by the consumers, here’s a list of security measures which can be followed by them while buying a smart toy-

Keep a check on the description while you’re buying the toy and carefully go through the fine print before you make a physical or online purchase. Better to know what the toy does and how does it interact with the child playing with it.

Check for the online reviews and see if they are any security concerns against the manufacture. Agree that it’s difficult to buy a product when the trend of paid reviews is going on full swing. But at least the reviews give us an option to think deep based on the average data summed-up from the reviews.

If you need to buy a specific smart toy due to your child’s pressure, then make sure that you submit the least amount of personal data while setting up an account for the child. And always ensure that you set a strong password to ensure that your account is well protected from prying eyes.

Just keep a track of the activity while your child is playing with the smart toy- specifically when the messages are being sent and received. Never leave the child unsupervised while they are playing with the smart toy.

When the toy is in the idle state i.e. the child is not playing with it, make sure that it is switched off completely to ward off any kind of cyber troubles due to hidden vulnerabilities in the smart toys.

The post Cybersecurity advice on How to buy Smart Toys appeared first on Cybersecurity Insiders.

December 27, 2019 at 10:42AM

Read More

10 safe browsing tools on Firefox browser

When it comes to privacy, those using the Firefox browser know well that the said web browser offers the utmost privacy with a feature to customize it further to suit personalized privacy obligations via plugins/add-on or extensions.

 

Now, to those who do not know how to do so, here’s a list of 10 tools for safe browsing on Firefox.

 

Firefox Container allowing multi-accounts- This is one of the trusted extensions on Firefox which allows users to keep the color of their profile coded to preserve privacy. As the cookies are isolated in Container, it thus helps users to browse content via separate or multiple accounts. It’s a great fit for home users where one PC is used to browse different accounts for services like Amazon and Google.

 

Facebook Container- This exclusive browsing extension allows users to keep their browsing activity isolated from prying eyes. Also, the said container helps users to keep their activity isolated from Facebook which has a habit of keeping a tab of its user activity via cookies.

 

DuckDuckGo Privacy Essentials- This add-on offers the privilege to encrypt browsing info of its users and also blocks trackers.

 

History Cleaner- As the name suggests this feature helps the user in setting up days of keeping a track of browsing activity and then deletes the entire info.

 

Disconnect- In this current cyber world, they are some websites and services working for governments that virtually keep a track of users of ISPs operating in some specific regions. So, Disconnect add-on lets users block those virtual websites that keep a track of search and browsing history of online users.

 

Disconnect for Facebook (FB)- As specified in one of the earlier lines, Mark Zuckerberg’s company has a habit of keeping a track of its user’s online activity. And the social media giant openly claims that such info helps it in targeting ads to users based on their browsing history. Disconnect add-on for Facebook blocks the social networking giant from sending its tracked data to 3rd party cookies.

 

Decentraleyes- Like many websites these days are relying on edge services providing companies for delivering content swiftly. Decentraleyes add-on does speedy delivery of local files with utmost security to improve online privacy.

 

Cookie Auto-delete- These days, it becomes a custom for the website to seek permission from the user before pushing information tracking cookies to them. And some are found doing so without even asking the consent of users. Cookie Auto-delete extension seeks permission from its users and helps them whitelist the trusted ones while deleting the rest. Notably, this extension also works in sync with Firefox multi-acct containers.

 

Bloody Vikings- Nowadays, as websites are asking for an email address to keep a track of their online users, Bloody Vikings automatically induces a temporary email address onto that info seeking website and opens the corresponding mailbox in a new tab.

 

Privacy Badger- This extension offers the privilege of blocking invisible trackers of websites after auto-learning from its user’s browsing activity.

 

Note- The difference between a plugin and extension is that the former allows extra functionality to users without altering the core functionality. While the later does offer some privileges by doing so.

The post 10 safe browsing tools on Firefox browser appeared first on Cybersecurity Insiders.

December 26, 2019 at 08:42PM

Read More

Entercom encounters the second Cyber Attack in this year

Entercom, well known as a leading radio network of America was hit by a cyber attack in this Christmas season. And sources report that this happens to be the second attack on the Broadcasting Company in the year 2019.

 

The Pennsylvania based company which owns around 235 radio stations across 48 media markets in North America says that the recent attack has hit mostly the back office operations making the radio network broadcast recorded programs to fill in the outage.

 

Entercom which has over 170 million audiences says that the second attack was not as severe as the first one which occurred in September this year. The first happened to be a ransomware attack which brought in severe financial losses to the radio broadcaster.

 

Highly placed sources say that the recent attack took place on Sunday last week affecting backend servers and largely unaffecting on-air systems. And as a result of the connectivity disruption email communication, data file access and content access for digital platforms were reported to be severely impacted.

 

News is out that the ransomware attack which took place in September incurred severe losses to the radio station network as the hacker demanded $500,000 to restore access to the encrypted data. However, it is still unclear whether the Entercom Communication Corporation paid the threat actors the reported amount to restore data or used other means to free up the database from malware.

 

Note- At the same time in 2017, Entercom merged its Broadcasting assets with CBS Radio.

 

The post Entercom encounters the second Cyber Attack in this year appeared first on Cybersecurity Insiders.

December 26, 2019 at 10:18AM

Read More

Worlds most dreaded state-developed malware strains

Here’s a list of world’s most dreaded malware strains developed by state-backed Cybersecurity units of various countries for reasons-

 

Stuxnet- This is a malware strain jointly developed by armies of the United States and Israel in the year 2001. It is a computer worm that is designed to target industrial control systems to disrupt automated machine processes.

 

Shamoon- This is a malware strain developed by Iran to target Microsoft Windows systems operating in a network. As the virus is destructive it was devised to be used in Cyberwarfare.

 

Regin- This happens to be the most advanced malware developed by an agency in the United States in 2014. Speculations are ripe that the development of this malware took place in association with United States National Security Agency and its British counterpart GCHQ. Regin malware is known to attack Microsoft OS loaded systems and was intended to gather intelligence.

 

Flame- Flame happens to be malevolent software which was discovered in 2012 and is known to attack Microsoft servers and workstations in the Middle East to conduct cyber espionage. Iran happens to be the country from which this malware originated.

 

Triton- This malware was developed to exploit vulnerabilities in Microsoft loaded machines and disrupt their operations. It is known to be aimed at Industrial control systems and production units of multinational companies. FireEye reports that this malware strain was developed by the Central Scientific Research Institute of Chemistry and Mechanics (CNIIHM) of Russia.

 

Industroyer- This malware was developed by Russian intelligence to disrupt the operations of power grids in Ukraine in 2016.

DUQU- DUQU malware happens to be a composure of various software components that when put together lead to cyberattacks on industrial control systems.

 

Plugx- This malware is a backdoor that helps control victim’s machines and has been in the cyber field since 2008. Notable features of this malware are to gather machine information, capture PC screen details, track down key typing and mouse events and reboot the infected system.

 

Winnti– This malware works similar to Plugx and is best described as a backdoor Trojan.

 

Uroburos is a rookit involved malware developed by Russia funded Turla hacking group and is a backdoor that immediately connects to Command and Control servers of hackers upon infection and transmits critical data about the victimized system and network.

 

Olympic Destroyer- This is a malware that was devised to disrupt digital infrastructure serving the Pyeongchang 2018 Winter Olympics and is likely to hit the digital systems of the Tokyo 2020 Olympics.

 

VPNFILTER malware- Russian hackers who are speculated to be funded by the government devised this malware to infect internet routers across the world to be used as Botnets.

 

WannaCry- Developed by North Korean hackers, this malware happens to be a file-encrypting malware which frees up the database only when the demanded ransom is paid in Cryptocurrency such as Bitcoins.

 

NotPetya- Coded by the Russian Fancy Bear aka APT28 group, this malware works similar to Wannacry and holds data files for ransom.

 

The post Worlds most dreaded state-developed malware strains appeared first on Cybersecurity Insiders.

December 26, 2019 at 10:16AM

Read More

Hackers from Vietnam stealing data from Automobile Companies

Hackers or a hacking group from Vietnam is found to be stealing data from automobile companies operating mostly in South Asia and is said to be spreading its wings to American companies.

Cybersecurity experts from Crowdstrike who were the first to identify this scenario have further reported that the attacks look similar to the ones launched by state-funded hacking groups from China.

Crowdstrike security experts say that the Vietnamese hacking group dubbed as APT32 is mainly focusing on stealing intellectual property from multinational companies by creating fake domains.

Toyota, Hyundai and another Japanese company is said to have become victims of the hackers already and the next target happens to be an electric vehicle producing company from America.

Vietnam’s foreign Ministry and Vietnamese embassy in Washington is yet to respond to the media speculations on this issue.

Meanwhile, security researchers from FireEye Inc have been tracking APT32 since 2012 and have synonymously named the hacking group as Ocean Buffalo and Ocean Lotus. The team has discovered that the hacking group has launched a series of attacks in the US, Germany and some nations in Asia- mainly on companies operating in the hospitality, consumer products, and manufacturing sector; just in the span of the last 3 years.

Espionage happens to be the latest theme in focus for the APT32 Cyber crooks as Slovakia based Cybersecurity firm ESET claims that they are having evidence that the group has so far targeted many firms operating in Asia.

The post Hackers from Vietnam stealing data from Automobile Companies appeared first on Cybersecurity Insiders.

December 25, 2019 at 08:40PM

Read More

Cyber Attack forces flight cancellations in Alaska in the holiday season

Christmas 2019 looks jinxed to some of the people who were planning to fly out of Alaska as a large scale cyber attack is reported to have made the authorities at Ravn Air Group to cancel flights in the whole of Alaskan region.

As per the details available to Cybersecurity Insiders, a malicious cyberattack is said to have occurred on the RavnAir database on Friday, December 20th, 2019 leading to flight cancellations from Saturday morning.

Highly placed sources say that a malware attack was launched on turbo-powered regional airliner the De Havilland Canada DHC-8 aircraft’s( known as Dash 8) maintenance & backup system and then malware spread into the network of RavnAir Alaska’s Dash 8 flight systems within no time.

As it was a holiday season many of the travelers who reached the airport were severely disappointed with the fact that the airliner has canceled most of the state connecting flights.

FBI and the local law enforcement authority at Anchorage, Alaska, United States were informed about the incident.

News is out that PenAir Flights and RavnAir Connecting flights remained unaffected by the cyber attack.

On a collective note, over 682 passengers who were supposed to travel on a flight via RavnAir had to cancel their journeys or look for alternatives to reach their holiday destinations. More than a dozen flights remained canceled on Sat, Sun, and Monday.

Note 1- The weather conditions at the airport were also not so conducive for the flights to take off and adding to the dismay of the travelers was the flight cancellations that happened due to cyber attack.

Note 2- The nature of the cyber attack is yet to be confirmed by the airliner.

Note 3- Corvus Airline operates the airline services on the name of Ravn Air Group from Anchorage and happens to be the primary hub for Ravn, Ted Stevens Anchorage International Airport.

The post Cyber Attack forces flight cancellations in Alaska in the holiday season appeared first on Cybersecurity Insiders.

December 25, 2019 at 10:00AM

Read More

Cross-site scripting aka XSS Cyber Attacks topped the list in 2019

According to research conducted by PreciseSecurity.com, Cross-site scripting attacks aka XSS cyber attacks topped the list of most popular attack vectors in 2019. The survey confirms that XSS attack targets were mainly large companies operating in Europe and North America.

 

PreciseSecurity.com research further clarifies that SQL Injection attacks came second followed by Fuzzing(Fuzz attack)- where threat actors use software to find vulnerability codes in company-operated software, operating systems or networks.

 

Simon Roe, the product manager at Outpost24 said that the hackers will continue targeting websites in 2020 by targeting APIs.

 

Roe’s words might turn true as developers continue to hand over applications to organizations in a jiffy to meet the ever-changing market demands which automatically makes them sideline Cybersecurity guidelines during secure coding due to time and budget constraints.

 

Adding to this agony will be the evolving ransomware attacks that will continue to increase like an epidemic in 2020 says Scott Caveza, a senior engineer at Tenable.

 

“As the New Year 2020 fast approaches, business email compromise and phishing attacks will see a rise in both volume and sophistication. Although many businesses are adopting HTTPS and 2FA on a faster note, end-users are estimated to fall prey to phishing attacks in 2020 says Holger Schulze, CEO, and Founder of Cybersecurity Insiders.

 

Note- Cross-site Scripting or XSS is a kind of cyber attack where a hacker first injects malicious scripts into the content of most trusted websites leading to a cross-site scripting attack where an untrusted source is allowed to inject code into a web application which then is delivered to a victim browser.

The post Cross-site scripting aka XSS Cyber Attacks topped the list in 2019 appeared first on Cybersecurity Insiders.

December 25, 2019 at 09:57AM

Read More

LockerGoga and MegaCortex Ransomware alert by FBI

FBI has issued a warning alert to all large corporations operating in regions such as the United Kingdom, United States, Norway, France, and the Netherlands. The law enforcement agency from the United States suggests that all private and public entities in the said region are vulnerable to LockerGoga and MegaCortex Ransomware attacks.

Technically, both the specified file-encrypting malware first hit their targets, then hibernate on the network for months and then start encrypting files on the devices.

Therefore, the Federal Bureau of Investigation is urging private entities to come forward in devising a plan of information and guidance to curb such attacks.

According to the alert now available to Media, the developers behind the LockerGoga and MegaCortex first infiltrate a corporate network via exploits, phishing attacks, SQL injection, and siphoned data related to login credentials- all by installing Pen Test tools such as Cobalt Strike.

After the threat actors gain access to a network, they then install software which then allows the hackers to create shells on the infected devices to execute PowerShell scripts and such.

What’s interesting in this network attack saga is that after gaining access to hackers they then hibernate on the network for months- probably stealing and transmitting data to remote servers, compromising workstations and servers on a further note and installing spying tools which are hard to identify and erase.

Once all the data is harvested they then encrypt the files on the network and then start demanding a ransom from the victim.

As LockerGoga and Megacortex use super secure encryption algorithms, it becomes tough to hack decrypt them for free.

FBI is urging large companies to keep workable backups on a standby note and keep the security software on the network up to date. Also using Threat monitoring/detection solutions makes complete sense in such situations says the American law enforcement agency.

Also using updates versions of PowerShells, and uninstalling older versions, scanning for open ports and closing them, monitoring changes in Active Directories and administrator groups for unauthorized entries makes sense says FBI.

The post LockerGoga and MegaCortex Ransomware alert by FBI appeared first on Cybersecurity Insiders.

December 24, 2019 at 08:52PM

Read More

FBI starts fooling hackers with fake data to find their whereabouts

The next time if you hear a media story on a company’s data breach, be aware that this could be a ploy played by the FBI on identifying hackers/ groups. Yes, the US law enforcement agency thinks that fake data can be used to lure hackers to hack a network in order to find their identity in detail.

Highly placed sources from the FBI say that the American agency has started an exclusive program named IDLE- Illicit Data Loss Exploitation where companies often store bad data in their servers and use that data as honeypots to trap hackers who are constantly in the lookout to steal valuable or sensitive info. The objective is to keep a track of fraudsters who often turn out to be freelancers hired by tech companies to spy or report on the activity of their competitors.

Although, not much is known about FBI’s program titled IDLE in practical, a source who likes to report anonymously said that the data set will be mixed with some company data to look it authentic and this in-turn will attract the hackers to infiltrate into the network- which then allows the law enforcement authority to track down cyber crooks and corporate spies.

However, security analysts say that there is no guarantee that this activity will prove 100% effective as media exposure of such programs might alert the hackers to a level where they show cautiousness while hacking corporate servers.

But the FBI says that its IDLE program will help the companies proactively prepare their cyber defense-line by confusing the hackers instead of reacting to data breaches after their occurrence.

The post FBI starts fooling hackers with fake data to find their whereabouts appeared first on Cybersecurity Insiders.

December 24, 2019 at 10:21AM

Read More

Mastercard acquires AI-based Cybersecurity startup RiskRecon

Mastercard, the American Multinational Financial Services Corporation has made it official that it is going to acquire AI-based Cybersecurity startup RiskRecon for an undisclosed amount. However, the deal is said to close in 1Q 2020 and is subjected to customary closing conditions.

 

RiskRecon happens to be a 2015 startup that leverages web data to companies to improve their Cybersecurity posture. It will help organizations better safeguard their intellectual property, consumer and payment data. And MasterCard aims to integrate RiskRecon’s technology into its product portfolio to help corporates improve their defenses in the world of Cybersecurity.

 

“Every business is prone to Cybercrime in today’s world and is susceptible to large scale cybercrimes such as data breaches and ransomware attacks. And RiskRecon is said to help accelerate cyber solutions to companies serving in the financial and government sectors” said Ajay Bhalla, President of Cyber and Intelligence, Mastercard.

 

Note 1- Mastercard happens to be a leading technology company in the International Payments industry and offers a range of product portfolio to make commerce activities like shopping, traveling, business owners simple, secure and more efficient.

 

Note 2- RiskRecon happens to be a data-driven company that offers risk prioritized action plans to match the risk priorities of its partner companies. It markets itself as a world’s only company that offers extremely low false-positive rate less than 1.5%. After the acquisition, the salt lake city headquartered company is said to be integrated into Mastercard as a business subsidiary.

 

The post Mastercard acquires AI-based Cybersecurity startup RiskRecon appeared first on Cybersecurity Insiders.

December 24, 2019 at 10:20AM

Read More

Russia to test ‘sovereign internet’ to curb foreign Cyber Threats

Russia is all set to test its sovereign internet infrastructure which it claims will help if foreign nations launch cyber attacks on its global internet connectivity. However, Free-speech activists fear that Vladimir Putin led the nation is looking to gain more control over user activity with the latest bill.

 

According to the sources reporting to Cybersecurity Insiders, the reliability test on the intranet connectivity of the domestic internet infrastructure will be made on December 23rd, 2019 afternoon and the move is said to help the country to see the consequences when its servers get disconnected from the world wide web.

 

However, no internet user in Russia will experience any kind of disruption in the connectivity with the test and the test consequences will only be seen at the virtual level of certain national infrastructure.

 

Last Year, Russia decided to make a law on sovereign internet and passed out a bill on the issue in November’18. The law was aimed to tighten the censorship control over the network, which the free speech activists are opposing right from day one.

 

Putin led the government says that the law and the intranet development took place due to the aggressive nature of the United States on the National Cyber Security strategy.

 

Note 1- As per the law, all the communication operators, Internet service providers will be asked to participate in the tests along with some state-run institutions and security services.

 

Note 2- In one of his media conversations early this month, Putin clarified that the bill is not meant to curb the internet usage of its users. But is aimed to prevent any negative repercussions of being disconnected from the global internet network- as the global server management and control are mostly located in the West.

 

Note 3- Technically the aim is to build a new and state-owned domain name system that is in control of the Russian government. So, the legislation aims to route Russian web traffic and data through government-owned nodes; unlike previously where the country depended on servers operating abroad.

 

Note 4- A spokesperson from the Russian Communications Minister Yevgeny Novikov is said to provide a detailed report to the media on the test and results by Friday this week.

 

Note 5- “Roskomnadzor” which happens to be the Federal Service for Supervision of Communications, Information Technology and Mass Media has confirmed that news and said that it will act as a central command center to the country’s network. Meaning ‘Roskomnadzor’ the Russian Legal Information Agency will act as a Central monitoring point to the web traffic being accessed and emerging from Russia.

 

The post Russia to test ‘sovereign internet’ to curb foreign Cyber Threats appeared first on Cybersecurity Insiders.

December 23, 2019 at 08:44PM

Read More

Three developments helping to increase trust in the commercial drone ecosystem

In recent years, vast leaps forward in drone technology have helped to confirm their practical application in a variety of different environments. In times of natural disasters, such as avalanches for example, drones have help saved the lives of people buried under the snow, by scanning large mountainous areas quicker than a person on foot. What’s more, in point-to-point delivery services the speed of drones is also revolutionizing the way we transport time-sensitive goods, such as blood, to hospitals in need.

But despite their potential, there remain questions surrounding the security of commercial drones and how they would work together to deliver our goods as part of a ‘commercial drone ecosystem’. Additionally, headlines continue to highlight the security risks that accompany drone flights, including stories of mid-air collisions with commercial flights and the ease of which drones can be hacked from the ground.

With an increasing number of drones communicating both with each other and devices on the ground, it is imperative that the ‘Internet of Skies’ is safe enough for the projected wide scale network of drones it will support.

1. Identifying pilots and Drones using Trusted Remote ID

One of the key elements that will help to engender trust in the drone ecosystem is making sure that a drone’s pilot and the drone’s own unique identity can always be identified using a Trusted Remote ID. In practice, this works the same way your cars license plate links your car to you.

By using our DroneConnect solution, identifying a drone and their pilot becomes incredibly secure and seamless. Here, biometric processes, including facial recognition and liveness detection, are gathered from the specific pilot, and then linked to their drone. This information is then kept on file by a public authority so that it can be checked against their servers before every flight, to make sure each drone is linked to its legitimate pilot. If a drone is found to be flying in an unsafe manner it can also be quickly linked to who is at its helm, so that authorities can take swift action.

Fully integrating drones into a trusted ecosystem also requires that any Unmanned Aerial Vehicle (UAV) can itself be identified and tracked – even without having to know who its pilot is. One way to do this is to place a tamper-proof box inside the drone. This box securely stores each drone’s unique digital ID, pilot and mission information, meaning it can be identified at any point in its journey, and can be monitored to ensure it is on the correct course. In addition, as the data from the digital ID is encrypted, it also protects the drone against various forms of data manipulation, such as a man-in-the-middle attack.

Directly linking drones to their pilots and giving them their own highly secure digital identities, should demonstrate to consumers that, with this technology, it will become much easier to identify people flying drones irresponsibly. Hopefully, this will reassure them that just because there are more drones in the sky, with the creation of an ecosystem, it does not mean that we won’t know exactly who these belong to and their flight paths.

2. Seamless and Secure Connectivity

For easy worldwide deployment, drone manufacturers need their drones to connect seamlessly, securely and dependably to a variety of networks in countries across the world. Parallel to this, for consumers to put trust in the ecosystem, they will need their goods to be delivered reliably and to be sure that drones cannot be hacked, and their packages be stolen.

It is therefore key that drones cannot simply disappear off the grid. It must always be possible to pinpoint a drone’s exact location so it can be accounted for.

To ensure this is the case, technology inside the drone must secure a connection to a wireless network when the drone is flying both shorter distances (less than five miles) at lower altitudes, as well as via the Global System for Mobile Communications (GSM) for drones partaking in longer journeys.

Part of this involves making sure that any wireless networks a drone uses over short distance flights is not susceptible to being hacked, and that any data sent over the network is encrypted to reduce the security risk that it can be modified.

However, it is also essential that in both cases the drone could connect to unmanned traffic management (UTM) platforms, which would receive flight plan updates, and could command any additional data needed for before a flight. For example, before the drone could take off, its mission and flight path would have to be approved based on the fact its path did not cross a no-fly zone. Once in the air, real-time tracking would be used to monitor its route (using an IoT module inside the drone that automatically sends identity and location data) and make sure it is on the correct path. In this way, UTM platforms will allow regulations to be implemented and enable safe and secure flights.

However, at present, GSM connectivity is not 100% available at every location. It therefore remains essential that drones using GSM connectivity have a backup solution for the network they run on, such as satellite communication for beyond visual line of sight flights, or Wi-Fi for short flights.

Additionally, by the same logic, swapping from one network to another (in order to achieve the best coverage possible) must also be entirely secure and, must also be smooth process for drone operators. Therefore, to garner trust and reliability in the drone ecosystem, both for producers transporting goods, and for consumers receiving them, connectivity is key.

3. Confidential data storage and exchange

The final pillar that would bolster trust in this ecosystem centers around the protection of confidential information that must be kept private. Take, for instance, public-safety-related information collected and processed during rescue operations – this clearly cannot be freely shared and could cause harm to the general public if it were to be intercepted by a third party. On a more personal level, imagine that a commercial drone carrying a package addressed to you was intercepted. The hacker would then have access to sensitive information, such as your place of residence and other credentials.

To make sure this cannot happen, it is crucial that data encryption mechanisms are mobilized properly. This involves making sure that legitimate data will only be shared with people and applications that hold the proper key to decrypt it, and that every point where a malicious actor could take advantage is well protected.

For example, despite the GSM network being securely encrypted, when data leaves this network and is sent to the cloud, there remains a potential gap that could be exploited by a cyber-attacker. It is therefore imperative that an end-to-end Transport Layer Security (TLS) protocol is applied, as this guarantees that the data is safe and secure from the drone all the way through to the UTM.

Finally, it is also essential that consumers fully understand what happens with their drone’s flight data after its flight, as all flight data will need to be safely stored and protected for any investigations, or for traceability purposes. To ensure that consumers can trust their data is being stored correctly, and at the highest possible standard, sensitive data needs to be collected on secure servers in the cloud and an advanced encryption mechanism must be mandatory in order to access it. This way, it very clear to the public that only authorized parties will be able to view and use this information, if they need to for the sake of an inquiry.

This new, connected world is bringing lots of advantages in day-to-day life, but it’s also bringing challenges in terms of data privacy and cyber-security. To build trust in this ecosystem, security-by-design must be the priority at every stage of the drone lifecycle – from making sure it is built into its hardware at the point of creation and at every point after until the final platform.

To unlock the potential of the skies, trust is essential. It is clear that we’ll need smart, digital and autonomous systems that are able to co-ordinate the complex web of users and flightpaths, while at the same time maintaining the incredible safety levels expected for our aircraft and airspaces.

Reducing the instances where drones are compromised or cannot be traced to an owner to hold them accountable is an essential step towards proving that an entire drone ecosystem can be safe. Only once governments, citizens and companies trust that drones are reliable and safe can companies begin to create a network of drones that fly beyond the visual line of sight.

The post Three developments helping to increase trust in the commercial drone ecosystem appeared first on Cybersecurity Insiders.

December 23, 2019 at 03:47PM

Read More

Three ways live face identification systems can tackle social issues

I wrote this blog with help from my colleague Alexis Camarillo.

Spoilers ahead! If you haven’t seen the film ‘Coco’, you might want to skip to the next sub-header

In 2017 Disney released “Coco”, an animated fantasy film featuring the story of a 12-year old boy who stumbles by mistake into the Land of the Dead, where he goes through an unforgettable journey. It’s a very entertaining, emotional (it actually brought tears to my eyes) and beautifully narrated story, honoring a Mexican tradition called “Día de muertos”, where it is believed that late relatives and friends return for a day to spend some time with their loved ones.

What really caught my attention was the use of biometrics within the film. A form of facial recognition is used when one of the main characters tries to cross over a bridge in order to go from the Land of the Dead to the Land of the Living on the “Day of the Dead” (since this is the only day when the dead can cross to the land of the living). At the “border” his face must be scanned and if his photo has been put on an altar (a typical offering used on the day of the dead with pictures of late relatives), he can cross the bridge and reunite with his loved ones for one day. The character tries to fool the system by pretending he is a famous character (Frida Kahlo), but the face scanner detects he is lying about his identity and prevents him from crossing the border. I couldn’t help but wonder, are biometrics really that powerful? As it turns out, they are.

In 2017, Gemalto launched LFIS (Live Face Identification System), a solution that integrates facial recognition into live TV systems. It identifies a person recorded by a camera in real-time. Today there are endless uses for this technology in the criminal, civil and commercial fields. But what I find really astonishing is how LFIS can be used to tackle social issues such as border control, city security and even human trafficking. Below, I’ve provided examples of three use cases of LFIS used to tackle such issues.

Facial recognition in airports

Facial recognition is already in use in many airports and border crossing points across the world, just like in “Coco”, promising to enhance security, as well as improve and expedite air travel.

In the US for example, the Department of Homeland Security’s Customs and Border Protection (CBP) agency has selected facial recognition and is providing Traveler Verification Services (TVS) to biometrically identify passengers throughout their international journey. When leaving the US, the entire process is done via capture and match right at the gate as opposed to the airline tracking you through the airport. At the gate, the face must match the digital image on file with CBP’s Traveler Verification Services.

No additional data is gathered, and nothing leaves the transaction, so travelers can rest assured that their biometric information will not be kept by the airport, airlines or any other system involved in the process of verification.

Check our infographic for more myths and facts about facial recognition in travel.

Public security in smart cities

Since I am not a technical girl, I always refer to real life stories to highlight the potential and usability of Gemalto solutions to solve day-to-day problems. My friend and her husband recently purchased bikes to escape the chaos of Mexico City and also use them to take their kids to school. Well, their bikes were stolen… with the child seats on… in the parking lot… of their apartment! And the whole thing was caught on camera. Did the fact that there were cameras intimidate the burglars? Not at all! After reporting the burglary, they were told there are criminal groups operating in the entire city dedicated to stealing bikes.

With the Gemalto Cogent LFIS solution, the authorities can now receive real-time alerts to take action quickly if the faces of the members of these criminals are caught on camera by the public safety monitoring system. Even with this simple example, let’s not forget that public security (which certainly includes more dangerous threats than the bike stealing mafia) is a growing concern for cities worldwide. LFIS can help authorities move from reactive to proactive security with a solution that provides speed, accuracy and scalability.

A tool to stop human trafficking

AMBER Alert is a program through which the authorities spread information about missing children and teenagers that might be in risk and appeal to society, through the media, for any hints that might lead to finding them. The program exists in several countries, among them Mexico, the U.S.A., Canada, United Kingdom, France, Germany, Malaysia and Greece. Typically, a picture and information such as name, age, sex, physical characteristics, clothing, details about the abduction (if any) are made public, in an attempt to find them.

As a parent, thinking about this breaks my heart. According to the U.S. Department of Justice, as of March 20, 2018, AMBER Alerts have helped rescue and safely return 924 children. What if we used LFIS to increase this number? How many lives could be saved? How many children could be spared from such a traumatic experience?

I love it when we can use technology to tackle social problems. What about you?  These are just a couple of examples of real-life use cases, but when it comes to LFIS, the possibilities are endless! Watch our video and leave your comments below or tweet us  @Gemalto.

The post Three ways live face identification systems can tackle social issues appeared first on Cybersecurity Insiders.

December 23, 2019 at 03:47PM

Read More