How to Retain the Right Kinds of Control in the Cloud

This post was originally published by Jacob Serpa.

The last several years have seen an unprecedented shift in the way that businesses conduct their operations and employees perform their work. Users are no longer confined to working on premises from desktop computers. Data is being accessed, stored, shared, and processed in new ways. While these changes have enhanced productivity and collaboration in the enterprise, organizations must consider how they are affecting cybersecurity.

Read more here:https://www.bitglass.com/blog/how-to-retain-the-right-kinds-of-control-in-the-cloud

Photo: https://ift.tt/388SlXo

The post How to Retain the Right Kinds of Control in the Cloud appeared first on Cybersecurity Insiders.

February 29, 2020 at 06:13PM

Read More

WHITE PAPER ON CLOUD SECURITY RISKS – AND HOW TO MITIGATE THEM

This post was originally published by(ISC)² Management.

Cloud security today is touted as better than ever. So how do we explain the ever-increasing number of data breaches?

According to the new white paper, Cloud Security Risks & How to Mitigate Them, the disconnect arises from a shared security model. Cloud Service Providers protect the datacenter, but customers are responsible for safeguarding their own data, and focus is shifting from the provider to the customer.

Read more here: https://blog.isc2.org/isc2_blog/2020/02/white-paper-on-cloud-security-risks-and-how-to-mitigate-them.html

Photo:giveuselife.org

The post WHITE PAPER ON CLOUD SECURITY RISKS – AND HOW TO MITIGATE THEM appeared first on Cybersecurity Insiders.

February 29, 2020 at 06:04PM

Read More

THREAT HUNTING: IS YOUR SECURITY OPERATION READY TO LAUNCH SUCH A PROGRAM?

This post was originally published by (ISC)² Management.

It could be a blended attack as slick as a multichannel marketing campaign. Or a spontaneous crime of opportunity by a single dis-gruntled employee. It could even be an innocent configuration error. When a threat exists, there will be indicators. The perennial challenge is to hunt for signs in the right places and to isolate the signal from the noise. How best to find—and remove, where possible—such threats remains up for debate. 

Read more here: https://blog.isc2.org/isc2_blog/2020/02/threat-hunting-is-your-security-operation-ready-to-launch-such-a-program.html

Photo:https://ift.tt/1qHGp7p

The post THREAT HUNTING: IS YOUR SECURITY OPERATION READY TO LAUNCH SUCH A PROGRAM? appeared first on Cybersecurity Insiders.

February 29, 2020 at 05:56PM

Read More

How VPNs Keep Your Data Secure

Virtual Private Networks are a pretty important point of contention nowadays. Namely, Internet privacy is being constantly attacked from many directions, leaks are common, and both governments and companies are trying to get their own piece of the pie.

Facebook, Google, Microsoft, all of these companies are very useful, they practically changed how we lead our lives. They have also with or without subtlety squeezed out information and data from all of us and are continually selling this info to others. And since we can’t really rely on the government to take care of this issue, we need to take things into our own hands – and a good VPN is a great starting point.

What is a VPN, exactly?

So, first things first – what is a VPN exactly? Simply put, a VPN is a service that creates an encrypted connection between a VPN server and your device. It is, essentially, a tunnel going through a mountain, with the VPN being the tunnel, your internet provider is the mountain, and the actual exit is the internet.

You gain full access to the Internet, all the while being protected and kept safe.

What is its purpose?

Its core purpose is to create a secret tunnel that allows you to get your data passing through its own servers. These servers keep your data safe and protected, they mask your presence.

They give you anonymity, location spoofing, security, and security for your data. Anyone who is trying to figure out what you are doing online will hit a wall since they won’t be able to figure out what sites you are visiting. Your payments and gifts won’t be traceable either if you use a good VPN. A VPN also allows you to watch geo-blocked content easily. This happens thanks to the servers it has all around the world.

How does it keep you safe?

You might be now wondering – what does the VPN actually do? Well, we will try to explain it in as little technical detail as possible. Just keep our tunnel metaphor in mind.

Namely, a VPN first establishes a communication protocol that comes from your device. It sets boundaries and directs the manner in which data travels from your device to the relevant server your VPN is using. Furthermore, you get extra security through the encryption of your data, which we will also touch upon below.

However, all of these safety features and systems won’t matter much if you get the wrong VPN, and if you don’t practice common sense. We also need to emphasize that all of this is what a good VPN does, a good free VPN that you may find via this link. Namely, an improperly set up, poorly created VPN will only cause you trouble, and might even steal your data. Furthermore, practising common sense when it comes to setting up passwords and keeping your device safe is also just as important as getting good software on.

Communication protocols

First things first – let’s talk about communication protocols. There are several types, some are faster, others are slower, some are more secure, others less so. There are essentially five types – open VPN, L2TP/IPSec, SSTP, IKEv2, and PPTP protocols.

OpenVPN is an open-source protocol that has its material accessible to everyone. While this means that it can be continually and continuously improved and strengthened, it also means that people get the chance to inspect it for weaknesses and issues.

However, it is still one of the most secure protocols, with 256-bit key encryption that is pretty much unbreakable. And since its open-source, it can be used on pretty much any device. The only possible downside is that it tends to be a bit slow.

Secure Socket Tunnelling Protocol (SSTP) is not that well known, but it’s pretty strong for Windows users. Namely, it has been tested with every incarnation of Windows for years, since Windows Vista. Furthermore, it has a 256-bit SL key encryption system, which makes it pretty impenetrable. The only issue is that, since it was originally proprietary to Microsoft, its software and under the hood parts are not really open to everybody.

Next, Internet Key Exchange version 2 (IKEv2). This one is popular for mobile phones since it’s pretty good at reconnecting to lost connections. Essentially, when you’re on the move, it easily finds a new connection and gets itself going.

Point to point tunnels, or PPTP, is the oldest VPN protocol and is pretty much out of use. It has too large gaps in security, it has many vulnerabilities, and it’s only saving grace is speed. However, if you are just interested in getting rid of geo-blocking, it might be all you need.

Encryption

Encryption is, essentially, messing up the info you let out, it gets scrambled and over-complicated so that only a person (or software) that knows the exact manner it was scrambled can get it back to normal.

Without going into too much detail, understand that 256-bit encryption is incredibly powerful. Even the simplest possible word won’t be decrypted if you get it controlled with this type of software. Note that 128-bit encryption is also fantastic, but that it’s not half the strength of 256, but exponentially much less.

Most of the time these encryption methods are just applied automatically. However, their level can vary, depending on the software and app. With a VPN you get to choose the exact level of encryption you want (or choose the VPN with a certain level of encryption). Note that higher encryption set-ups and levels mean a slower VPN service. It’s a matter of choosing speed over safety.

Conclusion

And there you have its folks, a quick guide on just how VPNs keep you safe and secure. You need to understand what they do, what types of protocols are out there, and how they encrypt things. With everything in place, you will be able to browse the web, enjoy the content you weren’t able to before because of your geolocation, and just be at peace knowing your info is safe and secure.

 

The post How VPNs Keep Your Data Secure appeared first on Cybersecurity Insiders.

February 28, 2020 at 11:43PM

Read More

How to avoid Amazon Chief Jeff Bezos Mobile Security pitfalls

We all know that Amazon Chief’s Jeff Bezos might have been hacked when he shared his number with a Saudi prince who later used phony tactics to gain access to the world’s richest businessman’s WhatsApp account and stole his private conversations and photos at some time in 2018.

Now, to those who are feeling paranoid about facing such circumstances, here’s a list of precautions which when followed might help avoid the Mobile Security Pitfalls made by the Amazon CEO.

Use two-factor authentication where ever it is possible, especially while using web services related to Google.

Although many websites and apps say that they can self-destruct or delete the data of their users as soon as they log out, online users need to be cautious that these are just trumpeting marketing techniques as we do not exactly know what happens behind the screens.

Better to visit monitor.firefox.com to find out whether your email id and other data have been dumped into the public. If so, better to change the password of your account related to that service.

Do not fall prey to the alluring marketing gimmicks of some companies which somehow try to take down your details like contact number and email ids in the parking lots of large shopping malls or at public gatherings.

Always keep your phone and laptop auto-update feature on

Nowadays, many OEM manufactures offering smartphones are offering hardware-based security which helps keep apps away from reading the metadata of calls and messages unless you permit them. So, better to use a device that has the latest software and hardware on its platform as it makes complete sense in situations where mobile security concerns are surging.

If your device allows, then it is better to turn on the disk encryption feature. This feature helps when you submit your damaged device at an authorized service center

Limiting the usage of location data to apps makes sense

Never access web services through public Wi-Fi’s as you never know who is snooping on your device via a public network-specific

If you happen to give your phone or laptop to your neighbor or friend, do keep an eye on their activities as it always helps you in one way or the other.

If you are a traveler, better not store any sensitive info on your device and use a cloud-based storage platform to access info in such situations.

For extra precaution, you can put a tape on the camera and the mic of your laptop as it helps bar any hacker conducting espionage through your device through a malware.

The post How to avoid Amazon Chief Jeff Bezos Mobile Security pitfalls appeared first on Cybersecurity Insiders.

February 28, 2020 at 08:37PM

Read More

Microsoft Ireland confirms every 3 in 4 organizations are worried about Cyber Threats

Microsoft Ireland researchers have discovered that every 3 in 4 of the largest organizations operating in Ireland were worried by Cyber Threats after screening the employee security habits in the respective organizations.

The focus of the researching team was on 4 key areas which include Identity Access Management, Threat Protection, Information Protection, and Security Management.

Microsoft which conducted a similar survey on 900 employees working in Large Irish Companies in 2019 concludes that there have been no changes in the attitude towards cyberattacks of the IT decision-makers when it comes to the improvement of the Cybersecurity posture in their respective companies.

Coming to the aspect of employing a dual-device authentication system, 69% of employers were in favor, while only 41% of them welcomed it on a positive note.

“As businesses in today’s world are facing ever-escalating cyber threats which are pushing their IT security limits to no-boundaries, it is becoming tough to investigate security alerts that are being received daily”, said Des Ryan, Solutions Director, Microsoft Ireland.

Ryan added that the IT decision-makers are living in a false world where a security gap has been created between organizations on how secure they were when it comes to Cybersecurity and how the actual security habits were leaving them open to data loss or hacking.

So, according to his insights, it’s high time for companies to consider making a preferential approach when it comes to data security and embraces new procedures and technologies to successfully neutralize their organization’s risks.

The post Microsoft Ireland confirms every 3 in 4 organizations are worried about Cyber Threats appeared first on Cybersecurity Insiders.

February 28, 2020 at 10:49AM

Read More

Cyber Attack news trending on Google

Firstly, it is the news related to a Cyber Attack on Redcar and Cleveland Borough Council which is trending on Google. On February 8th, 2020 a ransomware attack targeted the servers of the Redcar and Cleveland Borough Council disrupting the servers from the past three weeks.

Council Leader Mary Lanigan says that the IT staff has been working 24/7 to bring back essential services online since then and have partially succeeded in doing so. The attack is reported to have impacted the children who were anxiously waiting for their join in the secondary schools nearby which is scheduled to take place on National Offer Day to be held on March 2nd, 2020.

News is out that it would take several months for the council to restore the services on a complete note and would cost them anything between £11m to £19m as the costs to restore the services to normalcy.

What’s engrossing in this cyber attack saga is that the council has allotted a total of only £7.4m out of an annual budget of £279 million for an IT grant for the year 2020-21.

So, it will be interesting to find on how the Redcar and Cleveland Borough Council will make it recover costs.

In other interesting news related to cyberattacks, a Rwandan Government data center is reported to have been cyber-attacked by hacking group downing several servers belonging to government as well as private entities.

The impact is said to have disrupted most government websites which include the President’s website and that of the state’s military.

According to a source from news website Taarifa Rwanda, the recent attack happens to be second in the history of Rwanda as in the year 2016, hacktivists from the World Hacker Team targeted data centers operating across the region by infiltrating the network of Broadband Systems Corporation and stealing sensitive information like email accounts, passwords, and phone numbers and dumping them online.

The post Cyber Attack news trending on Google appeared first on Cybersecurity Insiders.

February 28, 2020 at 10:47AM

Read More

Mobile Security alert as Google removes 600 apps downloaded 4.5 billion times

Google has stated that it has removed over 600 apps from its Play Store- howbeit not before there were downloaded 4.5 billion times on an overall note. The intention of the tech giant with the move was clear; to keep its apps store free from spam which violated its ad policies.

According to the statement released by the Alphabet Inc’s company, the apps which were removed from its store were displaying full-screen ads even when the phone was not being operated- which is a clear cut violation of its policies as it even disrupts most of the device functions as it consumes data, memory and CPU power.

The web search giant has stated that the advertisers who were scammed by the app owners will be compensated duly.

What’s interesting in this whole saga is that most of the apps which were deleted from the Google Play Store belonged to companies operating from China, Hong Kong, Singapore, and India and were mostly targeting smartphone users who were speaking English.

FYI apps run by Chinese company Cheetah Mobile stands tall in the deleted list of apps.

Meanwhile, a source from Cheetah Mobiles said that it is extremely disappointed with the way Google is treating its apps and so has intended to voluntarily leave the Play Store. However, as the internet juggernaut has still given the privilege of adding new apps to the Play Store, the company has decided to do a follow- on.

The post Mobile Security alert as Google removes 600 apps downloaded 4.5 billion times appeared first on Cybersecurity Insiders.

February 27, 2020 at 08:50PM

Read More

Online payment security: 8 Steps to ensure safe transactions

This blog was written by an independent guest blogger.
Online shopping has become an increasingly popular trend in the past few years as people find it more convenient to buy from the comfort of their homes. You can get pretty much anything and everything from online stores: groceries, clothing, jewelry, electronics and other household items. Yet, we need to consider for a moment if all these online financial transactions taking place are safe – and how can we ensure our protection from online frauds such as identity theft and phishing attacks.
It would be a little exaggerating to say that online transactions are highly insecure. Rather, most online payment systems are relatively secure. Still, online crime is a reality and bad actors are always lurking around looking for possible vulnerabilities to grab and exploit. Unless necessary precautions are taken by both merchants and customers, payment information can be leaked and…

Posted by: David Smith

Read full post

      

The post Online payment security: 8 Steps to ensure safe transactions appeared first on Cybersecurity Insiders.

February 27, 2020 at 09:08PM

Read More

Ransomware shuts down Australian wool auction and erases data of Florida Police

The Australian wool auctioning event was shut down for a week as a ransomware attack on a supplier’s main software locked out the auctioning company from carrying on the event on a further note.

 

Secretary of National Auction Selling Committee (NASC) has confirmed the news and said that the weeks auctioning has been canceled due to a cyber attack.

 

Authorities are working to hard to restore the system related to Electronic Data Interchange by this weekend through backups and related tools.

 

David Cother, the Secretary of the National Auction Selling Committee stated the sales of week 35 have been canceled and the sales of week 36 will be reviewed later as a review of the systems should be made closely.

 

In another news related to the ransomware attack, US Prosecutors had to let go of 11 narcotic cases on 6 suspected drug dealers due to lack of evidence with the Florida Police Department. As the police failed to provide detailed evidence, before the law, the drug dealer suspects were freed up.

 

News is out that the evidence on the database of the Stuart Police department was erased due to a ransomware attack in April 2019 and as the Florida Police failed to provide a related photo and video evidence before the court it made the US Prosecutors free up the suspects.

 

Note- A ransomware is a file-encrypting malware that locks down an infected database from access until a ransom is paid- usually in cryptocurrency of Bitcoins and Monero.

The post Ransomware shuts down Australian wool auction and erases data of Florida Police appeared first on Cybersecurity Insiders.

February 27, 2020 at 10:26AM

Read More

Russia criticizes Canada for Cyber Attacks on Georgia

Russia has sharply criticized Canada for blaming Moscow for launching Cyber Attacks on Georgia in 2019. The word comes just after the United States allegedly blamed Kremlin last week for launching cyberattacks on the websites of Georgia and Ottawa joining the blame game.

 

Cybersecurity Insiders readers have to notify a fact over here that more than 2K public and private websites faced disruption on October 28th, 2020 due to a cyber-attack allegedly launched by Kremlin and this includes the disruption of IT infrastructure those belonging to Imedi and Maestro.

 

In a statement released last week, the Canadian Foreign Ministry was in voice with its allies over Russia’s indulgence in cyberattacks targeting Georgia. The statement added that the Russian General Staff of the Armed Forces was involved in the attack.

 

And this seems to have irked Moscow who claims no proof of the allegations on its indulgence in the digital breach.

 

Meanwhile, a fresh statement issued by the United States says that the attack was carried out by a Sandworm aka 74455 unit belonging to the Russian General Staff Main Intelligence Directorate (GRU).

 

Note– Any cyberattack on the west points fingers at either Russia or China. And from the past two years, Iran and North Korea have joined the list. The fact is that the countries who allege that Russia and China are involved allege that they have evidence to prove that the nations are guilty. But never reveal the evidence to the public.

 

The post Russia criticizes Canada for Cyber Attacks on Georgia appeared first on Cybersecurity Insiders.

February 27, 2020 at 10:24AM

Read More

MWC 2020 is cancelled – but the spirit of limitless connectivity will go on

The GSMA’s decision to cancel this year’s MWC is unfortunate but understood in light of the threat posed by the Covid-19 outbreak. As an international organization with offices in nearly 70 countries, Thales acknowledges the severity of the situation and has taken steps to restrict business travel. Our deepest sympathies are with those affected in China and all around the world.

While this year’s MWC in Barcelona is on ice, the pioneering essence that drives the mobile industry’s flagship event undoubtedly lives on. The motto of the event, which is now in its 33^rd year of existence, is ‘LIMITLESS Intelligent connectivity’, and it’s within the spirit of that ethos that the world’s greatest innovators are continuing to strive for groundbreaking connectivity solutions, even in the absence of a physical gathering.

Trials and tribulations

I’ve been going to the show since the early 90s when it was called the GSM World Congress. It was initially held in a different European city each year before a ten year residence in Cannes – it only finally settled in Barcelona in 2006. I’ve seen it weather the industry’s share of trials such as the bursting of the Internet Bubble in the early 2000s but this is the first time in the event’s history that it’s been cancelled.

I’ve been lucky enough to be at the bleeding edge of game-changing connectivity developments as we moved from 2G to 5G, as well as the emergence of the first smartphones and an Internet of billions of things. This year’s event would undoubtedly have built on its reputation as a hotbed for innovation, with market-leading manufacturers getting ready to showcase the latest exciting developments in the world of IoT and mobile.

The show must go on

While this year’s event will be much missed, it’s important that the industry keeps collaborating and striving for the excellence that has defined it over the last three decades.

Thales’ announcements at this year’s MWC were focusing on the themes of trust and partnerships. By supporting companies’ digital transformations and providing best-in-class advice and expertise to help businesses develop their IoT projects, we are able to raise the bar in connectivity and security across the sector.

Our booth was designed to capture this spirit of collaboration, with the demonstration of several areas of Thales’ expertise from connectivity to cybersecurity and AI. We can increasingly act as a one-stop shop for companies developing cutting edge mobile and IoT projects, combining expertise in four key areas:

• 5G – Building trust by connecting and managing all types of 5G devices and networks, that will enable brand new use cases
• Artificial Intelligence – Getting more value from data using AI and machine learning
• Connectivity – Turning things on and simplifying lifecycle management
• Security – Protecting things, people and spaces

Together these four streams aimed to share a 360° overview of state-of-the-art solutions for encrypted communications and environments, improved digital security and trusted digital identities, advanced AI-based analytics, IoT modules and platforms, 5G SIM and eSIM solutions, and much more.

The soul of MWC lives on(line)

As is fitting in our increasingly connected and digital world, we don’t need a physical get-together to showcase the wealth of innovation that our industry has to offer. You can get more info on the tech we were planning to show on our Digital MWC page and please keep in touch via Twitter.

It’s now up to the wider industry to keep this ball rolling – making sure that each player is contributing to the melting pot of ideas that have always been at the heart of MWC. And hopefully we’ll see you all in Barcelona in 2021.

The post MWC 2020 is cancelled – but the spirit of limitless connectivity will go on appeared first on Cybersecurity Insiders.

February 26, 2020 at 09:08PM

Read More

Google Android 11 OS focuses more on Data Privacy

As Google opened the doors of Android 11 for developers last week the web search giant has insisted that its focus will be more on data privacy for this segment of the operating system. For instance, the upcoming version might include the feature where apps will get one-time access permission to access location or camera on the device.

 

Google has disclosed that its next operating system will support digital docs like driver licenses and another identity related information and will expand the use of Biometrics like IRIS, Fingerprint data, and Facial recognition.

 

And as users will be looking forward to using devices working on 5G networks in 2021, Android 11 is asking its developers to open up bounds on building apps that take advantage of 5G networks by allowing the device to use more data to stream high-resolution videos.

 

Furthermore, Android 11 can operate on different screens like foldable devices- launched by Samsung recently and those with pin-hole screens and hole punch screens as well as waterfall screens.

 

The Alphabet Inc’s subsidiary stated in its latest news bulletin that it will be launching Android 11’s beta version in May this year and will release the pre-versions till early fall.

 

Note- Already the developer’s build was released on Feb 19th of this year and was set to operate on the tentative Google Pixel phones releasing this year. The final release will be available for the OEMs by Oct 2020.

The post Google Android 11 OS focuses more on Data Privacy appeared first on Cybersecurity Insiders.

February 26, 2020 at 08:31PM

Read More

US Pentagon ethically adopts AI to use in Battlefield

Finally, it’s out that the US Pentagon has decided to use the technology of Artificial Intelligence on the battlefield. However, the usage will be done via ethical practices will utmost judgment and care.

 

As countries are showing a lot of interest in using Artificial Intelligence in war situations, the concerns among nations have risen that the technology might spell a doomsday the entire humankind someday.

 

“United States Pentagon has put a full stop to all these concerns by making the use of AI technology traceable and governable. Meaning the technology can be neutralized if they go against humans or show any unintended behavior against other living beings”, said Gen Jack Shanahan, the Director of the Pentagon’s Joint AI Center.

 

Pentagon’s decision to tame the technology of AI has come just after Microsoft won the Joint Enterprise Defense Infrastructure or JEDI contract last October which fueled a lot of negative repercussions between Amazon Chief Jeff Bezos and the US President Donald Trump.  

 

“As the President of United States is intending to make America the first nation to fully adopt AI capabilities to the core, Pentagon has been assigned the duty to track down the ethical ambiguities and risks”, says Lucy Suchman, the anthropologist who studies the role of AI in warfare.

 

Hope, America wins the race with China and Russia in using AI in military warfare on an ethical note.

 

Note- In the year 2018, some employees of Google started a protest which attracted global attention. It was related to Project Maven which uses Machine Learning techniques to interpret aerial images in the war zones.

 

The post US Pentagon ethically adopts AI to use in Battlefield appeared first on Cybersecurity Insiders.

February 26, 2020 at 10:44AM

Read More

US Massachusetts Power Station reigning under Ransomware Attack

Ransomware news is out that all computers belonging to a power station located in Massachusetts were reigning under a ransomware attack and hopes of revival are bleak. However, the good news is that the officials at the power station are doing their best to clean up the database from the file-encrypting malware and have already achieved success in doing so on a partial note.

 

The Reading Municipal Light Department (RMLD) is the power station in discussion and the station bosses are reported to have hired an outside IT Consultant to resolve the issue and bring back the servers to normalcy.

 

A source from RMLD stated that the IT staff of the power station was well capable of containing and resolving the incident. But as a matter of abundance, they have decided to go for outside help to ensure that the malware is pulled out from the database from the core.

 

After suffering downtime for two days on a consecutive note, the power station staff has confirmed via Twitter that the company’s website was back to normalcy.

 

As the electricity operations were never impacted by the ransomware attack, the consumers were unaware of the ransomware incident on RMLD.

 

Note 1- How the ransomware entered the electricity department’s network is yet to be probed.

 

Note 2- According to a study made by news resource NBC10 Boston, 1 in 6 Massachusetts communities have been targeted by ransomware and among them, most of them have recovered by paying the hackers the taxpayer’s money in exchange for the decryption key.

The post US Massachusetts Power Station reigning under Ransomware Attack appeared first on Cybersecurity Insiders.

February 26, 2020 at 10:42AM

Read More

How to harden your employees from the massive social engineering threat

This blog was written by an independent guest blogger.
Social engineering is the art of human deception. In the world of cybersecurity, it’s how to fool human beings in order to conduct cyber attacks. Some of these cyber attacks can be very expensive to your business! In fact, many of the worst cyber attacks to your organization’s network start with fooling you or one of your employees. Penetrating a network without human interaction is really tough. But the people who work for your company have privileged access that can be easily exploited.
I was at a Leading Cyber Ladies meetup in Toronto recently, where threat research expert Sherrod DeGrippo visited all the way from Atlanta to talk about how cyber threats often work these days, and what their attack chains are like. I had the idea to write about social engineering before I attended the meeting,…

Posted by: Kim Crawley

Read full post

      

The post How to harden your employees from the massive social engineering threat appeared first on Cybersecurity Insiders.

February 25, 2020 at 09:09PM

Read More

Dopple Leaks website launched by DopplePaymer Ransomware to publish victim data

Unexpected things are happening in the cyber world and here’s a news piece to share with those who are interested in knowing the latest in the ransomware world. Till a couple of years ago, ransomware spreading hackers were seen encrypting a database unless a ransom is paid.

From 2019, the cyber crooks first started to steal a portion of the data from a database and then locked it with the file-encrypting malware unless a ransom in cryptocurrency is paid. And in the case the victim fails to pay a ransom, then the hacker would then sell the stolen data in the dark web marketplace to fetch a fair amount.

Now, the news is out that those spreading DopplePaymer Ransomware have launched a dedicated website named “Dopple Leaks” on Feb 25th,2020 which will be used to publish the data of their victims who don’t pay a ransom.

And what’s more? The website will be accessible on the open web in a couple of months- means anyone can get hold of the stolen data after paying an amount. But for now, it is only available for access through a virtual private network.

As of now, the website is available in the beta version with a small amount of stolen data available for purchase and shame the victim.

Highly placed sources say that Dopple Leaks has info related to the database about Pemex, a Mexico based oil company that suffered the file-encrypting infection in Nov’19 where hackers demanded 560 BTC worth $4.9 million for providing a decryption key.

Also, data related to an accounts firm from the USA is available for access as the victim failed to pay a ransom of 15 BTC. Then a logistics firm from South Africa which failed to pay 50 BTC is also on the list along with a french telecom & cloud company which denied paying a ransom of 35 BTC.

The post Dopple Leaks website launched by DopplePaymer Ransomware to publish victim data appeared first on Cybersecurity Insiders.

February 25, 2020 at 08:42PM

Read More

Mexico and Australian Governments tackling Cyber Attacks

Mexico’s economic ministry has made it official that it is has detected malevolent server activity on its servers on Sunday this week. But assured that no sensitive information was compromised in the incident and all security measures were beefed up to prevent such incidents in the future.

Readers of Cybersecurity Insiders have to notify a fact over here that a ransomware attack was poised at the National Oil Company named Pemex last November and the hackers were demanding $5 million in Bitcoins to free up the data.

So, the Mexican government has issued a Cybersecurity alert to all private and public companies to improve their measures against attacks and proactively mitigate them.

Meanwhile, in other news related to cyber attacks, the opposition party in Australia has criticized the governing party for showing sensitiveness for ongoing cyberattacks on public infrastructure.

Referring to the cyber-attacks which took place on Gippsland Health Alliance, South West Alliance of Rural Health and the Transport agency Toll, Asst Minister for Cybersecurity Tim Watts has warned the ruling government against the increasing number of cyber threats on Australia as it might bear serious consequences in near future.

It has to be notified over here that in January this year, Toll Group reported that more than 1000 of its servers were infected by Mailto Ransomware impacting its operations on a partial note.

Although it was not a state-sponsored attack, Tim Watts felt that the threat scale might increase if the government doesn’t show any improvement in curbing such attacks.

The post Mexico and Australian Governments tackling Cyber Attacks appeared first on Cybersecurity Insiders.

February 25, 2020 at 10:45AM

Read More

Google revamps its Cloud Security measures

Google LLC has made an official announcement at the RSA Conference that it is going to facelift its Cloud Security capabilities of its consumers to protect their data, irrespective of the place where it resides. Thus, with the announcement the web search giant has hinted that it is going to technically revamp its Chronicle Security Platform and the reCAPTCHA Enterprise and Web Risk API Tools.

As enterprises are embracing cloud for their application and data storage needs, they are opting for only those services which offer sophistication indulged modern architecture to integrate their critical business systems- both on-premise and on the cloud.

Google wants all its customers who are in their digital transformations to feel safe and secure by offering threat detection and timeline capabilities in Google Cloud’s Chronicle Security Analytics Platform which is also helpful to detect fraud prevention on time.

BTW, Chronicle was started as a business unit of Alphabet Inc, the parent company of Google. And later it was incepted into Google Cloud as a sole proprietary. The highlight of this service is that it offers a product named ‘Backstory’ which is designed to detect any malevolent activity in its consumer’s usage infrastructure. And adding to its capability now is the addition of YARA-L which is a coded language well capable of detecting threats and behavior in an automated way.

The post Google revamps its Cloud Security measures appeared first on Cybersecurity Insiders.

February 25, 2020 at 10:42AM

Read More

Dawn of a new decade: Leaping from GRC to IRM – A building block approach

This blog was co-authored by Carisa Brockman, GRC Practice Lead.
First things first: It is crucial to understand the difference between Governance, Risk and Compliance (GRC) and Integrated Risk Management (IRM) because this sets the stage for long term strategic risk management and breaks down the siloed approach to risk that exists in many organizations today.  It is because GRC is sometimes implemented from a compliance-driven strategy rather than a risk driven initiative. Instead of delving into the name itself, let’s define the approach and get started with the key items to consider while making the transition from GRC to IRM, so that it feels less like a leap.
GRC can be defined as a set of tools for managing compliance and remains valuable for that specific challenge, but it aligns less precisely with today’s evolving definitions of risk and risk management. The answer is…

Posted by: Bindu Sundaresan

Read full post

      

The post Dawn of a new decade: Leaping from GRC to IRM – A building block approach appeared first on Cybersecurity Insiders.

February 24, 2020 at 09:08PM

Read More

Testing Cloud application stability using the principles of Chaos Engineering

Across the business landscape, we’re seeing a wholesale movement of services to the Cloud as companies wake up to the benefits of capacity and flexibility that accompany such a shift away from hosting systems on servers.

While there are clear advantages to migrating to the cloud, there are challenges too – such as layers of added complexity.

Testing these cloud-based systems to make sure they stand up under duress is important, but the heightened complexity of these environments means that the role of Quality Assurance (QA) has had to evolve accordingly. The traditional method of testing a service was the same as making sure each light on a set of traffic signals were working correctly. In a Cloud environment, where the effective working of a platform or application relies on a glut of variables, a binary approach to QA is simply not fit-for-purpose.

In order to address a complex environment such as the Cloud, the testing mechanism needs to be accordingly robust and aggressive. That’s why Thales has developed the Chaos Engine, in order to help businesses make sure their Cloud-based services are resilient enough to address a multi-point failure.

Why is the Cloud more complex?

Cloud resources – such as data storage and computing power – are typically more expensive than an equivalent physical server. However, ‘traditional’ servers need to have enough resources to handle a businesses’ busiest times. On the other side of the coin, servers also have idle resources at other times when there isn’t such a demand for their requirements.

Cloud hosted applications are capable of managing the number of virtual servers they need from a cloud provider at any given time. They can call on more resources when there is extra traffic, and then return them to the cloud provider when the demand drops. This creates a dynamic hosting environment that responds in step with usage requirements.

Accomplishing this, however, depends on configuring complex rules for scaling up and down based on measurable metrics. If you do this right, you can keep your costs down, and offer your users a seamless experience. Any small errors in these rules can result in runaway costs, poor user experience, and sometimes both.

What is the Chaos Engine?

At its core, the idea of the Chaos Engine is self-explanatory. It is designed to create chaos in the testing environment and bend the very limitations of what the service can do, thereby pushing the very limitations of these virtual servers sitting on The Cloud.

Let’s think about that traffic analogy again; instead of testing each light on a traffic signal in turn, the Chaos Engine tries to close out a busy city intersection during rush hour and observe how the city traffic reacts to such disruptive event

This is the Chaos Principle. The aim is to create as many random faults that could reasonably occur in a real application deployment. This means switching off or randomly deprecating some part of the system and seeing how it can stay alive. Think of this as deliberately initiating the virtual equivalent of our very own adrenaline-induced fight or flight mechanism.

QA for the intricacies of the Cloud

As the migration to the Cloud becomes more and more the default for systems, it’s increasingly challenging to triage any outage that might be currently happening. Add to that the fact that any additional downtime is becoming extremely costly – with global averages suggesting that a company loses $300,000 per hour if their public facing systems go down – and it’s clear why there’s a financial imperative to catch these issues before they happen.

The Chaos Engine is designed to ask challenging questions in a live environment; ‘What happens if this falls down?’ or ‘What could possibly go wrong?’

Businesses such as Netflix already work with chaos principles, but more often that not, services hosted on the Cloud are using more traditional QA methods – effectively leaving the good running of their operations to chance.

Creating ultra-resilient environments

We built the Chaos Engine as an open source project to help businesses show they have the best resilience as a service and that they can prove any KPIs they are measuring against. We’re also welcoming contributions to make sure that the project itself is as versatile, dynamic and effective for as many different use cases as possible – after all, businesses in every sector are moving towards The Cloud.

Cloud environments offer a range of benefits to businesses, but all this will be superfluous if platforms, containers and APIs fail as soon as they’re put under at least a modicum of pressure. To ultimately create order, we need chaos.

The post Testing Cloud application stability using the principles of Chaos Engineering appeared first on Cybersecurity Insiders.

February 24, 2020 at 09:08PM

Read More

Report claims $11.5 billion loss from ransomware in 2019

A new report says that ransomware attacks quantified to $11.5 billion in damage in the year 2019 which confirms that those spreading file-encrypting malware has made some good profits for sure.

According to a study made by Deep Instinct…hmm, not the Basic Instinct, hackers stayed more focused in 2019 in spreading ransomware and the loss per incident was recorded to be $141,000 per incident-up from $46,650 a year earlier.

Deep Instinct Ransomware Report says that the threat actors did not focus on a single business field to spread the malware. As they targeted critical infrastructure, life or death consequences, thousands of individuals along with government organizations.

Note- A report released by Cybersecurity Ventures has predicted in the year 2016 that ransomware damages will cost the world $5 billion in 2017, and will witness a 15x increase in just two years. Also, the report highlighted the fact that the cost of the global damage with ransomware attacks will reach $11.5 billion on an annual note by 2019.

Researchers of Deep Instinct claim that the estimated costs not only include the costs made from ransom, but also those which were incurred from the downtime, data loss, loss of productivity, post-attack disruption to the normal course of the business investigation, forensic investigation costs, data restore costs and reputation damage.

Thus, we need to understand that ransomware might prove as a game-changer for businesses as it has the potential to break a business on a temporary or a permanent note.

Hope, CIOs, and CTOs have made a note of this point and have boosted their awareness and response plans with regards to ransomware threats and mitigation.

The post Report claims $11.5 billion loss from ransomware in 2019 appeared first on Cybersecurity Insiders.

February 24, 2020 at 08:40PM

Read More

US Politician Katie Hill in news for launching DDoS Cyber Attack on an opponent

FBI arrested a 32-year old man named Jan Dam hailing from California for launching DDoS Cyber Attacks on a Congressional candidate’s website in April- May 2018- eventually paving way for the win of Katie Hill. As the accusations are proved, apparently Dam will face a 10 years Federal imprisonment.

 

Therefore, this reminds us of the fact that Russia is not the only cyber threat for US Elections 2020 as they are also other forces that might be interested in acting a threat to democracy.

 

According to a statement released by the Department of Justice Dam launched distributed denial of service attacks on the website of Democrat Bryan Caforio which made him loose by 3000 votes to Katie Hill as the website faced a downtime of almost 21 hours.

 

As the attacks were subjected in two parts- one of the days before the debate and other on the election date, Caforio couldn’t go for the damage control despite spending $30,000 to neutralize the effects of the cyber attack.

 

What amazes in this whole cyber attack saga is that Dam’s wife Kelsey O Hara was working as a graphic designer and security consultant to Katie Hill. But the FBI did not find any evidence against 32- year-old Hill to prove that she funded the attacks.

 

Note- Last Oct, Katherine Lauren Hill was in news for having an illegal relationship with her female staff member Morgan Desjardins and finance director Graham Kelly. Now, her name is hitting the news headlines for launching cyberattacks on Congressional members which is yet to be proved.

 

The post US Politician Katie Hill in news for launching DDoS Cyber Attack on an opponent appeared first on Cybersecurity Insiders.

February 24, 2020 at 10:08AM

Read More

Ransomware leads to lawsuit and data concerns from NRC health

A Ransomware attack launched on New Jersey’s Hackensack Meridian Health on December 2nd, 2019 reportedly led to the disruption in services at 17 urgent care centers, hospitals, and nursing homes. At that time the hospital authorities paid an undisclosed sum to the hackers to retrieve encrypted files to normalcy and announced that there was no evidence that the hackers accessed the locked-up data.

Now, the news is out that two persons hailing from Newark District have filed a lawsuit against the healthcare services provider seeking reimbursement for expenses made from their pocket, compensation for the damage and disruption and a penalty.

The plaintiffs also want Hackensack Meridian Health to undergo annual data security audits and improve the healthcare’s Cybersecurity posture; along with a facility to offer a 3-year credit monitoring service to breach victims for free- all a part of a secure injection relief.

Meanwhile, NRC Health which sells patient admin tools to hospital networks has admitted that a ransomware attack took place on its servers on Feb 11th of this year. However, the organization is confident that its patient data was never accessed by hackers.

NRC Health which manages patient survey systems and works with 80% of the 200 largest hospital chains in the United States stated that the email systems and internal communications were partially restored by the weekend through backups.

Paul Cooper, the CIO of NRC Health has admitted that the incident details have been reported to the FBI and an investigation into the attack has been launched.

The post Ransomware leads to lawsuit and data concerns from NRC health appeared first on Cybersecurity Insiders.

February 24, 2020 at 10:00AM

Read More

Cloud Security that Performs

This post was originally published by Nat Kausik.

We heard from another customer today that their incumbent cloud security vendor keeps going down. And when it is not down, DLP scans take hours, if they complete at all.   What is going on?

Cloud security offerings are typically based  on the network security model, where fixed capacity nodes handle traffic on fixed bandwidth pipes.  These “bump in the wire” offerings are priced and sold by bandwidth, and things work well enough when they are used in such single-tenant contexts.

Read more here:https://www.bitglass.com/blog/cloud-security-performance-1

Photo:www.volico.com

The post Cloud Security that Performs appeared first on Cybersecurity Insiders.

February 23, 2020 at 07:16PM

Read More

The Healthcare Breach Report: Breaches on the Upsurge

This post was originally published by Juan Lugo.

The vast majority of healthcare organizations utilize and store protected health information (PHI), which is composed of patients’ sensitive information. HIPAA, the privacy rule that classifies PHI, describes protected health information as medical history, Social Security numbers, personal financial data, and more. 

Read more here:https://www.bitglass.com/blog/the-2020-healthcare-breach-report

Photo:www.csoonline.com

The post The Healthcare Breach Report: Breaches on the Upsurge appeared first on Cybersecurity Insiders.

February 23, 2020 at 07:10PM

Read More

Bitglass Security Spotlight: Healthcare Burglary Results in Data Breach Affecting Over 654,000 Members

This post was originally published by Juan Lugo.

As cloud adoption continues to increase exponentially across all industries, data breaches have been, by large, the result of hacking and IT incidents. However, there are still a few data breaches each year that arise from loss or theft, and that is exactly what occurred to medical transportation vendor, GridWorks. The Oregon-based ride to care vendor experienced a burglary that resulted in a laptop stolen, which contained the personal identifiable information (PII) of 654,362 members. The database included names, addresses, phone numbers, and Medicaid ID numbers. 

Read more here: https://www.bitglass.com/blog/bitglass-security-spotlight-healthcare-burglary-results-in-data-breach-affecting-over-654000-members

Photo:news.delaware.gov

The post Bitglass Security Spotlight: Healthcare Burglary Results in Data Breach Affecting Over 654,000 Members appeared first on Cybersecurity Insiders.

February 23, 2020 at 07:03PM

Read More

BREACHES INCREASED IN 2019, BUT THE NUMBER OF EXPOSED RECORDS DECLINED

This post was originally published by (ISC)² Management.

The number of U.S. data breaches bumped up 17% in 2019 but despite the increase, the volume of sensitive consumer records that were exposed declined substantially by 65%, according to a newly published report.

Read more here: https://blog.isc2.org/isc2_blog/2020/02/breaches-increased-in-2019-but-the-number-of-exposed-records-declined.html

Photo:www.identityforce.com

The post BREACHES INCREASED IN 2019, BUT THE NUMBER OF EXPOSED RECORDS DECLINED appeared first on Cybersecurity Insiders.

February 23, 2020 at 06:56PM

Read More

Google trending Cyber Attack news headlines

Firstly, it is the US Department of Defense which is topping the headlines when it comes to cyber-attacks. News is out that the systems related to Defense Information Systems Agency(DISA) affiliated to DoD have been hacked the incident reportedly exposed personal data of more than 200,000 people.

DISA is the agency that looks into the operations related to military communications and white house and it includes calls and web traffic monitoring of US President Donald Trump.

It has to be notified over here that data related to names and social security numbers were also exposed to hackers during the incident and this was confirmed to the correspondent related to BBC.

Coming to the second news which is trending on Google and related to Cyber Attack, UK’s National Cyber Security Center shortly acclaimed as NCSC has discovered that the cyber attack carried out on over 2000 websites in Georgia was carried out by hackers working for Russian Military Intelligence agency- GRU.

Law enforcement agencies from the UK and the US formed a team to investigate the 2019 cyberattack launched in the country of Georgia. And the Russian involvement in the attack was confirmed by Foreign Secretary Dominic Raab who described the incident as “totally unacceptable”.

Thirdly, a cyber attack on INA Group which happens to be Croatia’s biggest oil company having the largest petrol station chain is said to have disrupted some business operations of the company.

INA has confirmed that the incident took place on the Valentines’ day of this year at 22:00 hours local time and was a CLOP ransomware attack variant.

No disruption was reported on the fuel station transactions related to payment and fuel dispense. However, a source reports that the company’s backend servers were deeply encrypted by the file-encrypting malware.

The post Google trending Cyber Attack news headlines appeared first on Cybersecurity Insiders.

February 21, 2020 at 08:35PM

Read More

DNA data become a soft target for hackers who are stealing it via Cyber Attacks

A team of security experts from Israel has warned that hackers are seen sweetly preying on DNA Research repositories these days as it proving lucrative to them. Researchers from Ben Gurion University (BGU) have released a white paper on the issue and published the same in their recent Journal Eurosurveillance.

 

Speaking about the dangers unfolding in microbiology advances, the experts have highlighted the fact that data related to genome sequences of pathogens which might bring a revolution into the detection of infectious diseases is said to be topping as a favorite subject for hackers to infiltrate related databases.

 

As DNA Sequencing has become cost-effective, scientists are trying to move their scientific inventions and discoveries in the related field from labs to the field and eventually into the homes of humankind. As this data is valuable, hackers are seen preying on these subjects as they are being funded to do so in some state-sponsored attacks.

 

BGU researchers say that such data should be proactively protected from digital invasions rather than indulging in an afterthought. Otherwise, it can lead to a bio-war where hackers eject false threats or use tools to delay recognition of epidemics in time.

 

Note- The recent Wuhan Virus, widely known as Coronavirus or Covid 19 might be a test sample of a bio war which China could have devised it for future use and spilled it midway due to a human error or a cyber attack on its database which resulted in the spread of the infection due to an altercation in lab chemical composition- resulting in a world crisis.

 

The post DNA data become a soft target for hackers who are stealing it via Cyber Attacks appeared first on Cybersecurity Insiders.

February 21, 2020 at 11:00AM

Read More

Ransomware attack on ISS World

ISS World, a Denmark based company that is into catering, cleaning and security business is reported to have become a victim of a ransomware cyberattack. The company’s website has been inaccessible since Feb 17th of this week and the management at the London’s Surrey, Canary Wharf and Weybridge offices consisting of 43,000 staff members are unable to access emails since then.

 

ISS (International Service System) officials say that the database has been locked from being accessed due to file-encrypting malware infection and details on the ransom demand are yet to be disclosed.

 

As the impact will affect more than 500,000 global employees of the company at some point in time, authorities are working round the clock to restore the services as quickly as possible.

 

ISS says some servers and services have been restored. But a lot of work is pending which is due to be completed by this month-end.

 

Note 1- Nowadays hackers are seen stealing data before encrypting a database and this ensures that they do not remain empty-handed if the victim fails to pay as the stolen data can be sold on the marketplace of the dark web.

 

Note 2- In the recent ransomware threat report compiled by SonicWall, its sensors and researchers have detected a whopping total of 187.8 million ransomware attacks in 2019. Here, attackers are seen making more money from few, but high profile victims.

 

The post Ransomware attack on ISS World appeared first on Cybersecurity Insiders.

February 21, 2020 at 10:58AM

Read More

Is the cybersecurity skills gap real?

An independent guest blogger wrote this blog.
If you do a web search for “cybersecurity skills gap,” you’ll get many, many pages of results. It’s certainly a hot topic in our industry. And it’s a matter that security practitioners and human resources people often disagree on.
But before I get further into the matter, it would help to know what it is we’re talking about when we use the phrase “cybersecurity skills gap.”
From the perspective of employers, it means that potential job applicants don’t have the specific cybersecurity skills they’re looking for, and possibly the people they already employ don’t have the skills to be promoted into new cybersecurity related positions. This can be a really tricky area, because computer technology evolves very quickly, and often universities, colleges, and vocational schools…

Posted by: Kim Crawley

Read full post

      

The post Is the cybersecurity skills gap real? appeared first on Cybersecurity Insiders.

February 21, 2020 at 09:09AM

Read More

Google Adsense users facing extortion Cyber Threats with fake web traffic

If you maintain a website, then you will surely know what Google does if you flood your website with fake web traffic. Yes, for the first count it bans you on a temporary note and as soon as it detects a ‘repeat’, the web search giant completely blocks your website from being indexed on its search engine permanently. Then you probably have the other choice rather than buying a new domain.

Now, the news is out that Google Adsense users are getting extortion threats on a digital note via email saying that their website will be flooded with fake web traffic which can lead to a ban by the search giant. And they are demanding a $5,000 ransom to be paid in Bitcoins to remove their website from the extortion campaign.

Krebs On Security reports that the extortion campaign seems to be intense as hackers are threatening to a cyber attack the website for the second time with fake traffic which will initiate the Alphabet Inc’s subsidiary to impose a permanent ban on the website.

Google has however reassured that it has all the necessary tools to protect websites from fake traffic. And a dedicated help page for form submission has been set up for the Adsense Publishers if in case they feel threatened due to Sabotage. So, for now, there is nothing much to worry about for the Adsense users.

However, the internet juggernaut is clueless about how the email Ids of its Adsense users have reached the workstations of the hackers.

The post Google Adsense users facing extortion Cyber Threats with fake web traffic appeared first on Cybersecurity Insiders.

February 20, 2020 at 08:40PM

Read More

What is a Gen 6 Cyber Attack

As the cyber attack vectors are ever-evolving, it is becoming increasingly challenging for companies and individuals to protect themselves from the dangers lurking in the digital landscape.

 

Recent research carried out by security researchers of Check Point has concluded that most companies operating these days are lacking the basic cyber defenses and those which have are only capable of combating with 3rd generation of cyber-attacks while the demand now is for 6th generation.

 

Now to those who are unaware of the “Generation” difference of cyberattacks, here’s a timeline denoting them-

 

Gen 1– Started in the 1980s, the Generation 1 Cyber Attacks had hackers spreading the virus to PCs and workstations via Floppy disks. And this led to the invention of signature-based anti-virus solutions- with first being probably from Norton.

 

Gen 2– In the Mid 90s/ cyber attacks on networks paved way to the next generation of attack evolution which made companies introduce firewalls to secure the perimeters of IT infrastructures from cyber crooks.

 

Gen 3- This generation of cyber attacks was witnessed at the start of the 20th century where attackers started to focus their exploitation on industrial applications- which paved the way to hackers to see cybercrime as a business. Botnets were being used to send out spam paving way for companies to introduce Intrusion Prevention Systems (IPS).

 

Gen 4- Rise of targeted attacks began in 2010 where governments around the world started to use cyber tools as weapons for mass destruction. And this led to the introduction of Behavioral Analysis solutions.

 

Gen 5- The year 2016 witnessed the emergence of multi-vector attacks which were mostly state-sponsored and thus had the potential to destruct at a greater note.

 

Generation 6 cyber attacks– In the evolution timeline of cyber attacks, the Gen 6 attacks happen to be most destructive as hackers are devised with tools to attack everything and anything digital. Also, in the coming days i.e. after the introduction of the 5G network, attacks on IoT might increase at an alarming rate which will pave way for complex security requirements.

 

“From IP cameras to smart TVs and from smartphones to connected cars, everything will become vulnerable to Gen 6 attacks,” says Itai, Greenberg, VP Product Management at Check Point.

 

 

The post What is a Gen 6 Cyber Attack appeared first on Cybersecurity Insiders.

February 20, 2020 at 10:34AM

Read More