💡

"Gives me everything I need to be informed about a topic" - __UK.Gov__

Table of Contents

1. Sixth Sense Debunked: The Angelsense Data Leak

2. How to Brew a Perfect Cybersecurity Latte with a Shot of Culture

3. Kept in the Dark — Meet the Hired Guns Who Make Sure School Cyberattacks Stay Hidden

4. The Wacky World of Phobos Ransomware: When Bad Actors Get Indicted

5. How Hackers Target Your Active Directory with Breached VPN Passwords

6. Good Buckets Gone Bad: When S3 Goes Rogue

Sign up for CISO Intelligence.

21st century industry insights for the modern CISO

It won't hurt, I promise.

Email sent! Check your inbox to complete your signup.

No spam. Unsubscribe anytime.

Sixth Sense Debunked: The Angelsense Data Leak

_Angelsense's data breach reveals their guardian tech wasn't watching its own back._

What You Need to Know

Executives must be aware that the Angelsense data breach is a pressing cybersecurity incident that exposes sensitive GPS and AI data associated with assistive devices widely used by vulnerable populations. The situation demands immediate action: tightening organizational security protocols and crisis communication plans to mitigate reputational damage and reduce the potential misuse of exposed data. Ensuring that external partnerships do not introduce similar vulnerabilities is also paramount. The executive management team is expected to mobilize resources for incident response, prioritize customer and stakeholder communication, and initiate third-party security audits to prevent future breaches.

CISO focus: Data Protection and Privacy

Sentiment: Strong Negative

Time to Impact: Immediate to Short

*

In a striking breach of digital trust, Angelsense, a provider of GPS and AI-centric assistive technology products, suffered a significant data leak. This incident uncovered vulnerabilities affecting sensitive data, raising alarms around cybersecurity standards in tech solutions marketed to vulnerable communities. It signals the urgent need for providers to patch vulnerabilities in real-time, safeguarding privacy and integrity.

Immediate Breach Details

Scope of the Leak: Angelsense's systems were found vulnerable, potentially allowing unauthorized access to its customers' GPS and AI data. This could expose real-time location data, historical movement logs, and personal user information.

Stakeholder Impact: The breach predominantly affects parents and caregivers of children with disabilities, as Angelsense devices are trusted companions designed to assist the particularly vulnerable.

Vulnerabilities and Exposures

Technical Shortcomings : The data leak stemmed from misconfigured cloud servers and insufficient encryption protocols, rendering sensitive information accessible to unauthorized entities.

Exploit Potential : Malicious actors could leverage this information for identity theft, stalking, and other criminal activities, posing significant personal safety risks.

Industry-Wide Implications

Regulatory Scrutiny : This breach is likely to spur regulatory bodies into action, enforcing stricter compliance and security standards in assistive technology and broader IoT sectors.

Trust Erosion : Consumer trust in assistive technologies is at risk. The Angelsense breach underlines the importance of transparency and robust cybersecurity strategies to maintain consumer confidence.

Response Strategy

While Angelsense’s initial response included public acknowledgment and system patching efforts, there remain critical steps to ensure comprehensive recovery and prevention. Organizations must:

1. Strengthen Security Measures : Implement end-to-end encryption and multifactor authentication, alongside regular security audits.

2. Crisis Management : Execute clear, empathetic communications with affected users, detailing remediation steps and security enhancements.

3. Continuous Monitoring : Establish enhanced monitoring capabilities to detect and address potential future attacks promptly.

The Broader Cybersecurity Landscape

Women and Children First : Given the data exposed centered around highly vulnerable users, parallels are drawn to broader societal responsibilities and the technological realms protecting them.

Tech Industry Accountability : As more intimate and sensitive products emerge, industry leaders must prioritize ethical stewardship and rigorous standards.

*

Vendor Diligence Questions

1. What encryption standards and protocols do you employ to ensure data privacy and security?

2. How regularly do you conduct third-party security audits, and can you provide recent outcomes or certifications?

3. What are your protocols for reporting and responding to detected data breaches to both regulators and customers?

Action Plan

1. Immediate Investigation : Conduct a thorough forensic investigation into the breach's root causes and affected scopes.

2. Communication Strategy : Develop immediate communication plans for both internal teams and external stakeholders, focusing on transparency and forthcoming corrective measures.

3. Security Protocols Revision : Review and enhance security policies, focusing primarily on user data protection, to prevent similar incidents.

*

Source: Sixth Sense: GPS and AI Data Exposed for Assistive Devices | UpGuard

*

How to Brew a Perfect Cybersecurity Latte with a Shot of Culture

_Sometimes it’s not about reinventing the wheel, but choosing the right tires._

What You Need to Know

In an era where cyber threats are more pervasive and sophisticated, building a cybersecurity-first culture is imperative for survival and success. Senior management needs to integrate security principles into all aspects of the organization and prioritize cybersecurity in both internal processes and customer engagements. We are expected to lead by example and champion cybersecurity initiatives that foster awareness and proactive defense strategies.

CISO focus: Cybersecurity Culture

Sentiment: Positive

Time to Impact: Short (3-18 months)

*

Crafting a Cybersecurity-First Culture

In today's rapidly evolving digital landscape, cybersecurity is no longer just a technical issue but a strategic imperative. Businesses are now tasked with the essential responsibility of building a culture where cybersecurity is fundamentally ingrained in their ethos. But how does one go about sculpting such a culture in an organization that isn’t traditionally security-minded? Let's take a closer look.

Why Cybersecurity-First Culture Matters

* Pervasive Threats: As cyber threats become more sophisticated and targeted, organizations can no longer afford to treat cybersecurity as an afterthought. The consequences of breaches—financial losses, reputational damage, and operational disruptions—highlight the need for robust internal defenses.

* Regulatory Compliance: With regulations like GDPR, CCPA, and others tightening the reigns on data protection, a cybersecurity-first mindset ensures compliance and avoids hefty fines.

* Trust and Transparency: Customers today are well-informed and demand transparency about how their data is handled. A commitment to cybersecurity not only protects brand integrity but also builds trust with clients and partners.

Core Strategies to Embed Cybersecurity into Industry DNA

* Top-Down Leadership: Leadership must model the behavior they wish to see, thereby making cybersecurity a priority from the boardroom down to every employee. This clarity of vision galvanizes the organization, aligning everyone towards a common security-first goal.

* Comprehensive Training Programs: It is imperative to implement continuous education and training for all employees, not just IT staff. Many breaches occur due to human error. Regular training sessions ensure everyone is aware of the latest threats and practices.

* Interdepartmental Collaboration: Encouraging collaboration between different departments secures more holistic protection strategies. Cyber risks often transcend departmental borders and require a synchronized defense.

* Responsive Incident Management: Develop protocols for incident response to ensure that when a threat emerges, it is effectively and rapidly contained and neutralized. A rapid response not only mitigates damage but also reduces potential downtime.

Practically Speaking: Implementing Security-First Initiatives

* Regular Audits and Penetration Testing: Validate the efficacy of your security measures with regular testing. This identifies weaknesses and solidifies defenses against unforeseen threats.

* Adopt Zero Trust Architecture: Embrace a zero-trust model where devices, users, and networks are presumed untrusted by default. By verifying every access request comprehensively, organizations reduce potential attack vectors.

* Encourage Security Champions: Appoint ‘security champions’ within different departments who are responsible for promoting best practices and acting as liaison points between the CISO's office and their teams.

When it Hits the Fan

Embracing a cybersecurity-first culture is not just an exercise in better IT but a strategic pivot that organizations must undergo to navigate the treacherous digital landscape confidently.

*

Vendor Diligence

How does the vendor ensure their solutions are in compliance with emerging cybersecurity regulations?

What measures are in place for continuous monitoring and improvement of security protocols?

Can the vendor provide case studies or references attesting to their success in implementing cybersecurity initiatives?

*

Action Plan

Conduct a Security Culture Assessment: Evaluate the current state of security practices across the organization.

Develop a Cross-Departmental Cybersecurity Committee: Form a group from diverse departments to oversee the integration of security measures at all levels.

Schedule Regular Security Awareness Workshops: Establish a calendar of ongoing training for all staff, tailored to specific departmental risks and responsibilities.

*

Source: How CISOs Can Build a Cybersecurity-First Culture

*

Kept in the Dark — Meet the Hired Guns Who Make Sure School Cyberattacks Stay Hidden

_Shh… silence is golden unless you’re a school in distress._

What You Need to Know

Corporate board members and executive management should note the growing trend of school cyberattacks being silenced by specialized firms hired to handle breaches discreetly. These firms aim to minimize public exposure and mitigate reputational risk. There is a delicate balance between confidentiality and transparency that needs addressing to ensure stakeholders, including students and parents, are adequately informed. You are expected to review current communication practices surrounding cybersecurity incidents, consider policy updates, and assess whether similar needs exist within your organization.

CISO Focus: Incident Response and Crisis Management

Sentiment: Neutral

Time to Impact: Immediate

*

Secrets of the Cyber Schoolyard

In an era where privacy breaches make headlines almost daily, an undercurrent of discreet operations is quietly reshaping how educational institutions handle cyber incidents. Specialized firms have emerged as the gatekeepers of information, hired to manage and, more critically, contain news about cyberattacks targeting schools. These 'hired guns' ensure that any cybersecurity breach that might cast a shadow on an institution's reputation stays firmly in the shadows.

The Rise of Discretion over Disclosure

Schools have increasingly become prime targets for cybercriminals. The attraction lies in the sensitive data they hold and the relative vulnerability in their cybersecurity defenses. Unlike corporate giants that often have comprehensive cybersecurity infrastructure, educational institutions tend to have budget constraints that leave them exposed. This has led to a growing reliance on firms adept at crisis management—entities that specialize in the subtler art of maintaining discretion.

Why Schools Hire These Firms:

To prevent panic and maintain trust amongst students and parents.

To protect institutional reputation and avoid potential legal implications.

To have experienced professionals navigate the complex interplay of incident response and narrative control.

Ethical Concerns and Collateral Challenges

The operations of these firms raise significant ethical questions. Transparency is a cornerstone of informed consent and public trust, yet the covert containment of cyber incidents arguably borders on deception. The intention might be damage control, but the long-term implications can include weakened trust not just in the institution, but in the education system as a whole.

Furthermore, the secrecy surrounding these breaches means that opportunities to leverage lessons learned are often lost. The collective knowledge that could bolster the sector's cybersecurity posture remains untapped, locked away behind non-disclosure agreements and confidential rapports.

What Stakeholders Should Know

For parents and policymakers, awareness is critical. Recognizing the potential for data breaches is essential, and demanding transparency while respecting necessary confidentiality can lead to better outcomes for all parties involved.

Critical Questions:

How does an institution balance confidentiality with the need for transparency?

Are there best practices that can make the use of these firms more beneficial for the community?

What role should regulators play in ensuring schools' cybersecurity measures are adequate without undermining their operational discretion?

A Peek Behind the Digital Curtain

The clandestine operations of these firms don't exist in a vacuum. They're part of a broader cybersecurity ecosystem where discretion is sometimes as valuable as detection. This raises a poignant reflection on where the line should be drawn between silent mitigation and informed resolution.

Lessons from the Back-of-House

So, should educational institutions bear public accountability even if that means risking their standing? It’s a rhetorical dance that cybersecurity professionals and school management must choreograph delicately. The need for discretion in crisis management is undeniable, but as stakeholders demand transparency, particularly in environments nourishing young minds, achieving this equilibrium becomes an intellectual exercise in ethical and operational excellence.

*

Vendor Diligence Questions

1. How do you ensure the services provided align with our ethical standards of transparency and accountability?

2. What frameworks or protocols do you follow to balance confidentiality with necessary disclosure?

3. Can you provide anonymized case studies of past incidents managed to demonstrate your approach to incident containment?

Action Plan

1. Evaluate Existing Protocols: Review current crisis management frameworks for handling cyberattacks, focusing on transparency.

2. Stakeholder Engagement: Develop a communication plan that outlines how and when to communicate with stakeholders during a breach.

3. Vendor Assessment: Conduct a comprehensive assessment of third-party vendors, including those providing crisis management, to ensure they align with institutional values.

4. Training and Awareness: Initiate periodic training sessions that mentally prepare staff and stakeholders for incident responses that are both confidential and communicative.

*

Source:

Kept in the Dark — Meet the Hired Guns Who Make Sure School Cyberattacks Stay Hidden, DataBreaches.net

<https://databreaches.net/2025/02/04/kept-in-the-dark-meet-the-hired-guns-who-make-sure-school-cyberattacks-stay-hidden/>

*

The Wacky World of Phobos Ransomware: When Bad Actors Get Indicted

_Where there’s Phobos, there’s fire._

What You Need to Know

The United States Department of Justice has indicted members of the 8Base ransomware group for orchestrating a series of sophisticated cyberattacks using Phobos encryption. This form of ransomware has been responsible for numerous high-profile breaches, stealing data, and extorting victims. The executives are advised to review and strengthen their organization’s cybersecurity defenses, enhance incident response plans, and ensure legal compliance concerning data protection.

CISO focus: Ransomware Prevention and Incident Response

Sentiment: Negative

Time to Impact: Immediate

*

Intriguing Indictments in the Ransomware Realm

The cyber world was seized with a mix of anticipation and alarm when the Department of Justice (DOJ) recently announced the indictment of members from the 8Base ransomware group, notorious for their deployment of the Phobos encryption ransomware. This indictment highlights the increasing sophistication and audacity of cybercriminals operating under quasi-organized crime syndicates using this potent ransomware variant.

Anatomy of a Cyber Menace: Understanding Phobos

Ruthless Encryption: Phobos is a ransomware strain that particularly targets mid-sized companies, encrypting crucial data and demanding a hefty ransom for release.

Silent Infiltration: Characterized by its ability to infiltrate systems through weak links in remote desktop protocols, Phobos is often deployed with precision by skilled attackers who have mapped out the target's vulnerabilities comprehensively.

Broad Impact: The attacks orchestrated by the 8Base operators have left a significant trail across various sectors including healthcare, education, and the small-to-medium enterprise domain, severely impacting operational continuity.

The Legal Clampdown: DOJ Steps Up

The move by the DOJ to indict the 8Base crew underscores a zero-tolerance stance against ransomware operators masking their tracks through complex layers of encryption. The indictment serves a dual purpose: a stern warning to other cybercriminals and a reassurance to victims that the gears of justice are turning.

What This Means for Businesses

Proactivity is Key: Businesses are urged to be proactive, not reactive, when dealing with ransomware threats. Effective measures include regular updates to cybersecurity protocols and continuous monitoring of network activities.

Training and Awareness: The human element remains the weakest link; hence, comprehensive training for employees in identifying phishing attacks and other threats is indispensable.

Backup and Recovery Plans: Organizations should ensure that robust backup protocols are in place so that, in the event of an attack, data can be restored without meeting the criminals' demands.

Upping the Cybersecurity Game

Considering the vulnerabilities exploited by Phobos, strengthening the cybersecurity framework is necessary. This involves a strategic mix of technology, policy, and educated workforce:

Deploying Comprehensive Solutions: Next-gen firewalls and endpoint detection and response (EDR) solutions can serve as the first line of defense.

Regular Security Audits: Conducting audits and penetration testing to identify weaknesses before malicious actors can exploit them.

Incident Response Teams: Establish dedicated teams for rapid response to potential breaches, including forensic analysis to understand the attack vectors.

The Looming Threatscape

The increase in ransomware sophistication, like that observed with 8Base and Phobos, signals a broader threat landscape where attacks will become more personalized and targeted. The consequences are dire for businesses, from financial drain to reputational damage. Regulatory compliance with data protection laws adds another layer of complexity, making it vital for enterprises to double down on their cybersecurity investments.

Phobos: The Final Countdown

While the indictment of 8Base members is a significant victory in the fight against cyberspace malfeasance, there is a long road ahead to deter such crimes effectively. As cybercriminals become more cunning, the cybersecurity community must remain vigilant, constantly adapting to new threats and crafting innovative defenses to protect our digital frontier.

*

Vendor Diligence

1. How does your solution protect against sophisticated ransomware attacks, specifically those using remote desktop protocol vulnerabilities?

2. What are your capabilities in terms of rapid deployment of patches against newly discovered vulnerabilities?

3. Can you verify your compliance with the latest data protection regulations concerning ransomware attack responses?

Action Plan

Conduct an immediate review of current cybersecurity measures, especially focusing on anti-ransomware solutions.

Schedule an organization-wide cybersecurity awareness training focusing on ransomware avoidance.

Collaborate with IT and legal teams to update incident response strategies and ensure regulatory compliance.

*

Source: US indicts 8Base ransomware operators for Phobos encryption attacks

*

How Hackers Target Your Active Directory with Breached VPN Passwords

"VPNs: Because cybercriminals deserve your undivided attention."

What You Need to Know

The cybercriminal landscape has evolved beyond simple attacks, now exploiting breached VPN passwords to infiltrate Active Directory environments, impacting essential business operations. Executives need to urgently prioritize strengthening VPN security protocols and invest in tools to monitor unusual activities in their network environments. Swift and strategic action is crucial to withstand these sophisticated cyber threats.

CISO Focus: Network Security and Identity Management

Sentiment: Strong negative

Time to Impact: Immediate

*

The Silent Network Invader: VPN Breaches

In recent cyber incidents, malicious actors are capitalizing on breached VPN credentials to target Active Directory environments—a critical element for organizations managing identity and access controls. This newfound method of penetration is raising significant concerns across industries, leading to a pressing call for beefed-up security measures. Leveraging VPN passwords obtained from breaches, hackers can stealthily orchestrate attacks, affecting organizational security at a foundational level.

Understanding the Threat

Virtual Private Networks (VPNs) serve as gateways to corporate networks, allowing secure access for remote operations. However, the compromise of these credentials poses a direct threat as cybercriminals utilize them to maneuver through the network and execute harmful activities. Once within the corporate fortress, their primary target often becomes the organization's Active Directory (AD), which can be manipulated to alter user permissions, and introduce malware, potentially crippling essential business operations.

Recent Breach Illustrations

Recent cyber events illustrate how easily VPN breaches can be leveraged. Cybercriminals, armed with stolen credentials, often purchased on the dark web, have managed to gain unauthorized access to numerous networks. Once inside, the focus has been on exploiting AD vulnerabilities. By mimicking legitimate user behavior, these threat actors manage to fly under the radar, avoiding detection while they pivot deeper into the system infrastructure.

Consequences of Unchecked Access

The implications of compromised VPN credentials can be catastrophic:

Data Theft: Cybercriminals can access sensitive information, leading to data breaches.

Financial Loss: Organizations may face costly downtime and regulatory fines.

Reputational Damage: Trust is eroded, which can jeopardize customer and partner relationships.

Proactive Defense Strategy

To combat these infiltrations, experts recommend a multi-layered security approach:

Strengthen VPN Security: Ensure all VPN connections require multi-factor authentication (MFA) to prevent credential misuse.

Monitor Network Activity: Employ advanced network monitoring tools to identify anomalous behavior or unauthorized access attempts.

Regular Password Audits: Conduct regular assessments and forced password changes to keep credentials fresh and secure.

Educational Workshops

Employee Awareness: Regular training programs to educate employees on recognizing phishing attempts that often lead to credential breaches.

Simulation Drills: Conduct trial runs of breach scenarios to test response preparedness and refine incident response plans.

The Active Directory Audit

A thorough audit of Active Directory processes can help reinforce defense mechanisms:

Implement strict access controls, ensuring only necessary personnel have AD access.

Regularly update security patches to mitigate known vulnerabilities.

Utilize logging to track changes in user permissions and detect unauthorized access expediently.

When You Miss the Boat

In the scenario where a breach does occur, a well-prepared incident response team can minimize damage:

Immediate Isolation: Quickly isolate affected systems to prevent lateral spread within the network.

Communication Protocol: Have a pre-established communication plan to inform stakeholders and the relevant authorities.

Mitigating the risks associated with breached VPN passwords requires vigilance and proactive measures. While the sophistication of cyber threats continues to grow, robust security frameworks and vigilant monitoring practices can provide a strong defense against these network invaders.

Vendor Diligence Questions

1. How does your solution enhance VPN security, particularly against credential compromise?

2. What features do you offer for real-time monitoring and detection of unauthorized access attempts?

3. Can your technology facilitate seamless integration with existing Active Directory security measures?

Action Plan

1. Deploy Multi-factor Authentication (MFA): Initiate MFA on all VPN connections immediately.

2. Conduct an Active Directory Audit: Review and tighten access controls, and update security patches.

3. Enhance Network Monitoring: Implement continuous network monitoring systems to detect anomalies.

4. Initiate Employee Training: Schedule regular cyber hygiene workshops and phishing awareness programs.

5. Prepare an Incident Response Drill: Conduct drills to ensure preparedness and effective mitigation of potential breaches.

*

Source: How hackers target your Active Directory with breached VPN passwords

*

Good Buckets Gone Bad: When S3 Goes Rogue

_S3 buckets don't squat—attackers do!_

What You Need to Know

S3 Bucket Namesquatting is an emerging attack vector that exploits accidental typographical errors in bucket names to execute malicious acts. As leaders, you are advised to direct your IT and security teams to review and audit all existing S3 buckets, ensuring consistent naming conventions and access controls. Prepare for rapid responses to any anomalous activity associated with these storage resources.

CISO Focus: Data Protection & Cloud Security

Sentiment: Strong Negative

Time to Impact: Immediate

*

In the evolving landscape of cyber threats, a new player has entered the fray: S3 Bucket Namesquatting. This technique renders seemingly benign storage resources into potential nightmares, where attackers use namesquatting to imitate legitimate resources and perform malicious activities. But what exactly is S3 Bucket Namesquatting, and why should it matter to you? This article unveils the threat with an inverted pyramid approach, dissecting the immediate risks down to detailed preventive measures.

Rising Threat: Namesquatting in AWS

Namesquatting traditionally touched domains, but it's now infiltrating AWS S3 buckets—vital components of cloud infrastructure. Attackers register bucket names resembling those used by organizations, often leveraging typos or omitted characters. When apps or systems connect to these rogue buckets, attackers can hijack data, inject malicious payloads, or perform phishing schemes using trusted brands.

Immediate Risks to Organizations

1. Data Leakage : Once an unauthorized bucket is mistaken for an official one, sensitive data could be inadvertently exposed or stolen.

2. Malware Distribution : Misconceptions in bucket identification can lead application developers or users straight into malware-filled traps.

3. Reputation Damage : Trust is fragile. An attack utilizing namesquatted buckets could stain an organization's credibility if publicized.

Why Namesquatting Works

Namesquatting exploits the oversight in validating storage paths. Many organizations do not enforce stringent URL checks beyond initial setups, leading to vulnerabilities that attackers exploit. The decentralized nature of cloud systems, where bucket controls are often managed across various departments, exacerbates this issue.

Best Practices to Counteract

Organizations must adopt proactive strategies to mitigate this risk:

* Audit and Monitor : Regularly audit S3 bucket access and permissions. Implement continuous monitoring systems to alert on logical inconsistencies or access deviations.

* Naming Consistency : Create and enforce strict naming conventions across teams. Utilize uniform naming structures to reduce the risk of exploitable errors.

* Access Controls : Leverage AWS Identity and Access Management (IAM) to enforce principle of least privilege, ensuring each bucket interaction is necessary and secured.

* Validation Protocols : Integrate an enhanced validation protocol within data handling processes to ensure destination authenticity.

The "Oops" Moment of Realization

For those wondering why they haven't yet faced an issue: consider yourselves lucky or perhaps ahead of the curve. Vigilance is key. The simplicity of these attacks means they're not going away anytime soon.

*

Vendor Diligence Questions

1. How does your service provider ensure the integrity and authenticity of S3 buckets in use?

2. What measures are currently in place to detect, notify, and respond to namesquatting attempts?

3. Can you provide detailed insight into your data access and validation mechanisms through your cloud services?

Action Plan

* Immediate Audit : Conduct an audit of all active buckets to identify current misconfigurations and unauthorized access.

* Policy Review : Implement an organization-wide bucket naming policy that minimizes risk of confusion or error.

* Security Training : Facilitate training sessions on cloud security best practices focusing on AWS services and namesquatting risks.

* Engage with Vendors : Collaborate with cloud providers to explore additional security features or tools specifically addressing namesquatting vulnerabilities.

*

In a world where cyber threats evolve faster than our defenses, steering clear of S3 bucket namesquatting becomes not just necessary but urgent. Professionals and organizations alike must adopt robust security architectures and perpetually adapt. Don't wait to be the next headline for all the wrong reasons.

*

Sources:

"How Attackers Abuse S3 Bucket Namesquatting — And How to Stop Them," Bleeping Computer

"AWS S3 Permissions Guide," Amazon Web Services

"Common Cloud Security Challenges," Security Magazine

*

_CISO Intelligence is lovingly curated from open source intelligence newsfeeds and is aimed at helping cybersecurity professionals be better, no matter what their stage in their career._

_We’re a small startup, and your subscription and recommendation to others is really important to us._

*Thank you so much for your support!(