💡

"Gives me everything I need to be informed about a topic" - __UK.Gov__

Table of Contents

1. Operation FishMedley: Cast Your Line, Catch a Threat

2. Short Circuit: When Robotics Vendors Spill the Beans

3. FBI Warnings are True—Fake File Converters Do Push Malware

4. SAML Roulette: When Hackers Bet, You Lose

5. Cloudflare: Encrypt or Get Lost

6. Cybersecurity's Latest Pop Quiz: Can Your Website Pass the Test?

Sign up for CISO Intelligence.

21st century industry insights for the modern CISO

It won't hurt, I promise.

Email sent! Check your inbox to complete your signup.

No spam. Unsubscribe anytime.

Operation FishMedley: Cast Your Line, Catch a Threat

_Fishing for cyber threats in troubled waters._

What You Need to Know

Operation FishMedley is a sophisticated cyberattack campaign executed by the FishMonger APT group, primarily targeting governments, NGOs, and think tanks across Asia, Europe, and the United States. The techniques used – including ShadowPad, SodaMaster, and Spyder implants – align with methods typically employed by China-aligned threat actors. The executive team needs to assess their organization's exposure to this threat and implement an immediate strategic response plan to mitigate risks associated with this operation.

CISO Focus: Advanced Persistent Threats (APTs)

Sentiment: Strong Negative

Time to Impact: Immediate

*

Operation FishMedley: A Dive into Cyber Espionage

The recent Operation FishMedley has once again highlighted the persistent and ever-evolving threat landscape faced by entities worldwide. Conducted by the nefarious FishMonger APT group, this operation specifically targeted key verticals, posing severe risks to sensitive information and national security.

Key Details and Implications

* Targets Identified : Reporting from ESET indicates that the operation targeted a diverse array of sectors including governmental bodies, NGOs, and influential think tanks. This broad range of targets across Asia, Europe, and the U.S. underscores the global scale and strategic intent behind the attacks.

* Techniques and Tools : The technical arsenal employed in the operation featured ShadowPad, SodaMaster, and Spyder implants - tools commonly associated with China-aligned threat actors. These sophisticated implants allow attackers to maintain prolonged access to systems, exfiltrate data, and manipulate infected networks.

* Attribution and Motives : While the DOJ’s indictments are independent, ESET asserts with high confidence that the FishMonger APT group is responsible. This group is believed to be operated by the elusive I-SOON entity. The motivations appear to be aligned with classic cyber espionage tactics: unauthorized access to sensitive information and intellectual property exploitation.

Strategic Cybersecurity Recommendations

Operational stability and data integrity are critical for characterized organizations to shield against such threats. Immediate action steps include:

1. Risk Assessment : Conduct a comprehensive evaluation to determine vulnerability exposure, focusing on the aforementioned implants and typical cyber espionage vectors.

2. Security Enhancements : Implement strengthened security measures, particularly around data encryption, monitoring, and threat detection systems. Ensure robust endpoint protection to limit the initial implant success.

3. Employee Awareness and Training : Facilitate updated cybersecurity training programs to raise awareness about APT tactics and introduce defensive practices against sophisticated phishing campaigns or exploitation attempts.

4. Collaboration and Reporting : Encourage cross-sector collaboration and timely reporting of any cybersecurity incidents to central cybersecurity agencies to assist in broader containment efforts.

In a world ripe with digital skullduggery, staying ahead of cyber adversaries requires vigilance, agility, and a willingness to innovate. Let's all be fishers of security, and not the fish caught unaware in malicious cybernets.

*

Vendor Diligence Questions

1. How does the vendor's current security posture address vulnerabilities associated with tools like ShadowPad and SodaMaster?

2. Can the vendor provide a historical record of incident resolution, specifically relating to advanced persistent threats?

3. What measures does the vendor have in place to quickly identify and respond to potential breaches initiated by APT groups?

Action Plan

Objective : Minimize the impact of Operation FishMedley on organizational security and data integrity.

1. Immediate :

Initiate an emergency meeting with IT security teams to address potential vectors identified in the operation.

Enhance network monitoring to detect anomalous activities, specifically those indicative of the FishMonger APT group.

2. Short Term :

Strengthen access policies to critical data systems and update all security patches across vulnerable platforms.

Increase intelligence gathering efforts to monitor for similar threats emanating from China-aligned entities.

3. Ongoing :

Foster international partnerships to gain insights into global threat trends.

Advocate for continuous improvement and scalability of security technologies utilized within the organization.

*

Source: We Live Security - Operation FishMedley

*

Short Circuit: When Robotics Vendors Spill the Beans

_Leaking blueprints? More than just a happy accident for our friendly neighborhood robots._

What You Need to Know

A recent breach involving a robotics vendor has exposed confidential data belonging to major manufacturing firms. This incident was uncovered by UpGuard, demonstrating vulnerabilities in data management practices among third-party vendors. Board members and executive management are expected to re-evaluate vendor relationships and enforce stringent data security measures to prevent future breaches. Immediate review and revision of current vendor contracts and data protection policies are crucial to keep sensitive data secure.

CISO Focus: Third-Party Risk Management

Sentiment: Strong Negative

Time to Impact: Immediate

*

The repercussions of a cybersecurity incident involving a robotics vendor have shaken several major manufacturing companies, spotlighting the constant risks associated with vendor data handling practices. In this breach, sensitive information was unwittingly made accessible, posing significant threats to proprietary designs and strategic business operations.

Unveiling the Breach

The alarm bell rang when UpGuard's Cyber Risk Team discovered unsecured data via an online portal used by a robotics company. This data, comprising detailed schematics, operational blueprints, and private business notes, was inadvertently exposed due to misconfigurations in the vendor's storage systems.

Affected manufacturing firms were informed swiftly, aiming to minimize damage and trigger remedial measures. The urgency of the situation underlined the persistent issue of third-party data mismanagement and its dire implications on primary enterprises relying on such vendors.

Scale and Scope

This breach stretched beyond the confines of a singular entity, impacting several high-profile companies engaged in manufacturing across various sectors. The accessibility of sensitive data not only threatened proprietary interests but also raised potential vulnerabilities related to business competition and intellectual property theft.

Key points include:

Unintentional data exposure due to cloud storage misconfigurations

Disclosure of proprietary designs and business strategy outlines

Increased urgency for revisiting vendor data security protocols

Implications for Third-Party Vendors

Robotics and manufacturing form a nexus of technological advancement that relies heavily on third-party vendors for operational and developmental support. The episode illustrates a glaring oversight in data security and underscores the imperative need for comprehensive monitoring of vendor practices.

Vendors must uphold rigorous security protocols and ensure airtight compliance with data protection laws to bolster confidence and safeguard against unintended data dissemination.

Way Forward for Affected Companies

With affected companies rallying to contain the fallout, several key actions are being prioritized:

Liaising with cybersecurity firms to assess the level of exposure and identify potentially compromised data.

Immediate patching of security gaps and enforcement of robust data protection measures with current and new vendors.

Establishing a constant vigilance mechanism to oversee data access protocols diligently.

A Comedic Take on Security Failures – Not!

While the standards of cybersecurity continue to evolve, this breach throws a wrench into the machinery, reminding us that even the technologically advanced are not immune to lapses. It's a clarion call for introspection and action – where humor finds little room amid tightening security standards.

*

Vendor Diligence Questions

1. What is your protocol for ensuring data security in cloud engagements and how frequently do you audit these processes?

2. How do you manage authentication and access controls to prevent unauthorized data exposure?

3. In the event of a security breach, what are your established crisis management procedures?

Action Plan for CISO Teams

1. Immediate Vendor Assessment : Conduct thorough evaluations of all third-party partners to gauge their security postures and determine risk levels.

2. Policy Review and Update : Revise existing data security and vendor management policies to align with current best practices and legal requirements.

3. Enhanced Monitoring : Implement advanced threat detection systems with a focus on anomalies within vendor networks.

4. Vendor Training Programs : Initiate comprehensive cybersecurity training for vendors to inculcate best practices and awareness.

*

Source: Short Circuit: How a Robotics Vendor Exposed Confidential Data for Major Manufacturing Companies | UpGuard

*

FBI Warnings are True—Fake File Converters Do Push Malware

_Clickbait converters: converting your ignorance into malware—free of charge!_

What You Need to Know

The FBI has raised alarms about the proliferation of fake file conversion websites that serve as a conduit for malware infections. These sites deceitfully pose as legitimate file converters but surreptitiously deliver malicious payloads to users' devices. As an executive team, you should be aware of this rising threat and ensure robust communication strategies are in place to educate employees. It’s vital to prevent accidental downloads that could compromise enterprise security.

CISO Focus: Malware Prevention

Sentiment: Strong Negative

Time to Impact: Immediate

*

In an era where digital file conversion seemingly requires no more than a quick Google search, threat actors have seized the opportunity to exploit credulous users around the globe. The FBI recently warned about a burgeoning cyber threat disguised innocently under the facade of online file conversion services. These fraudulent websites promise to convert files from one format to another but instead serve a hearty helping of malware—fortifying the uneasy truth that free lunches, indeed, are mythical.

Who's at Risk

Anyone searching for quick and free file conversion services online is a potential victim. These sites are particularly insidious because they appear legitimate, often ranking high in search engine results. Their primary targets are users who lack stringent security policies or who might be operating on less secure personal devices—ripe pickings for cybercriminals looking to breach the fortresses of larger corporate entities through smaller, more vulnerable gates.

The Danger Lurking

Upon visiting these websites, users are typically instructed to upload a file—often with the intention to convert it, say from a PDF to a Word document. The conversion process never truly happens. Instead, when the user attempts to download their 'converted' file, they instead download malware. This malware can vary from adware, which floods a user with unwanted ads, to more severe threats like ransomware, which could lock users out of their own systems until a ransom is paid.

Immediate Actions to Mitigate Risks

1. Update and Educate: Regularly update all employees about the latest cyber threats. Awareness is the first line of defense against phishing and malware attacks.

2. Restrict Access: Implement network policies to restrict or flag access to known illicit websites and untrusted sources, utilizing a robust web-filtering service.

3. Deploy Security Software: Equip all corporate devices with comprehensive and updated antivirus and anti-malware software. Ensure it runs regular system checks.

4. Implement Endpoint Protection: Adopt endpoint detection and response software to monitor, detect, and respond to potential threats swiftly.

The CIA of Cybersecurity is Your Friend

Confidentiality: Emphasize the importance of not sharing company files on external sites unless absolutely necessary.

Integrity: Ensure downloaded files are scanned for threats and verify their authenticity before opening.

Availability: Regular backups are a safety net. An effective backup strategy mitigates data loss risks posed by ransomware.

Recognizing the Red Flags

The tell-tale signs of these fraudulent file converters include unusually large banner ads, too good to be true conversion promises (any format under the sun), or sketchy domain names reeking of recently registered URLs. Moreover, some may request unauthenticated permissions or downloads of unspecified “required” software.

Why It Matters Now

The exploitative nature of these attacks demands immediate attention. In today’s interconnected workspace, a breach on a personal level can quickly escalate to affect entire corporate structures. With the potential for significant financial and reputational damage, this seemingly minor threat carries heavy consequences.

The FBI’s warning is not just a cautionary tale; it is an urgent call to action amidst a backdrop of ever-increasing cyber threats. Only through awareness, education, and stringent cybersecurity measures can individuals and corporations alike steer clear of this digital wolf in sheep’s clothing.

*

Vendor Diligence Questions

1. What measures does your service take to ensure the authenticity and safety of file conversion operations?

2. Can you provide detailed reports on how your service monitors and mitigates potential malware threats?

3. How often is your system updated to counteract new and emerging threats?

Action Plan

1. Conduct a comprehensive security audit of employee devices to ensure no malware has been inadvertently downloaded.

2. Increase phishing simulation testing to ensure employees can recognize potential threats.

3. Enhance email filtering to block messages containing links to known fraudulent conversion websites.

*

Source: FBI warnings are true—fake file converters do push malware

*

SAML Roulette: When Hackers Bet, You Lose

_Ever feel like security is a game of chance? With SAML exploits, the house always loses._

What You Need to Know

A significant exploit chain targeting the ruby-saml library has been discovered. The vulnerability allows attackers to perform unauthenticated admin accesses, notably affecting GitLab Enterprise. The issue arises from round-trip attacks and namespace confusion manipulations, leaving systems susceptible to unauthorized intrusions unless promptly addressed. Your security team needs to ensure all necessary patches are implemented immediately, and continue monitoring for any variations of this exploit that might emerge.

CISO focus: SAML Authentication Vulnerabilities

Sentiment: Strong negative

Time to Impact: Immediate

*

In a startling revelation for the cybersecurity community, researchers have unearthed a security vulnerability in the ruby-saml library that could potentially grant cyber attackers unauthorized admin access on platforms like GitLab Enterprise. This discovery underscores the critical importance of understanding and securing SAML authentication processes, as neglect could result in severe data breaches and a loss of trust.

The Discovery's Crucial Details

Initial Revelation: GitHub had independently discovered and patched vulnerabilities affecting their platform, omitting key exploitation details in their disclosure. PortSwigger researchers aim to offer a comprehensive breakdown, intending to bolster communal defenses against these vulnerabilities.

Research Journey: Triggered by Juho Forsén's XML round-trip vulnerability insights, a deep dive revealed an array of round-trip attacks with latent danger patterns akin to SAML's structural nuances.

In-Depth Exploitation: These vulnerabilities exploit parser differentials, resulting in namespace confusion that hackers could use to manipulate token validity, ultimately sidestepping authentication barriers.

The Immediate Implications for Organizations

Rally the Patches: Fast and meticulous patchwork is necessary across any system leveraging SAML authentication using the ruby-saml library. This is an active threat vector, known to be in the wild, with demonstrated potentials already causing ripples in major repositories.

Monitor Persistent Threats: The security landscape is permanently evolving. It's vital to keep an eagle eye on evolving attack vectors, given how research discoveries can spur new exploitations.

Educate Continuously: Extend awareness and education efforts across your teams and affiliates, amplifying the necessity of adept authentication mechanisms and the threats posed by their neglect.

How Does This Affect Your Cybersecurity Posture?

Organizations relying on SAML for secure authentication must heed the lessons laid bare by these findings—failing to adapt could mean betting your security in a rigged game. The attack's sophistication requires a robust understanding of round-trip attacks and parser functionality exploits, to shore up defenses effectively.

A SAML Supper Anyone?

By now, it should be evident: SAML vulnerabilities aren't just a bad roll of the dice—they're an invitation for persistent exploitation. Acting swiftly and knowledgeably is no longer a luxury; it's a necessity. Ensuring that your systems are shielded against such threats isn't just securing your operations; it's safeguarding your enterprise's future.

Given the ongoing nature of cybersecurity threats, it’s pivotal for organizations to remain as agile and informed as the hackers they’re thwarting. By understanding the depth of issues such as SAML vulnerabilities, stakeholders can transform potential fiascos into fundamentally stronger defenses. Keep the roulette wheels turning in your favor—patch, educate, and surveil.

*

Vendor Diligence

1. How does your SAML solution provider address namespace confusion vulnerabilities?

2. What immediate response plan does the vendor offer for discovered zero-day exploits?

3. Can the vendor provide a history of their past vulnerabilities and patch timelines?

Action Plan for the CISO Team

1. Immediate Assessment: Conduct an audit across all deployments utilizing the ruby-saml library to verify patch status.

2. Security Training Refresh: Update training modules for developers and security personnel to include recent SAML vulnerability findings and overload scenarios.

3. Holistic Monitoring: Establish an ongoing monitoring protocol specifically targeting authentication and parser behavior anomalies to detect attempts leveraging these discoveries.

4. Engagement with Experts: Engage with external cybersecurity experts to simulate attacks on your current setup, validating the effectiveness of your patchwork against recent vulnerabilities.

*

Source: PortSwigger

*

Cloudflare: Encrypt or Get Lost

_Apparently, the information highway now requires seatbelts._

What You Need to Know

Cloudflare has implemented a new security measure by blocking all unencrypted traffic to its API endpoints. This means that any API requests that do not use Transport Layer Security (TLS) will be denied, emphasizing the company's commitment to safeguarding data in transit. The executive team must understand this change highlights a strong push towards adopting more secure communication protocols industry-wide. They should reassess and ensure all API communications within the organization are TLS compliant. Immediate steps should be taken to enforce this strategy across all development teams.

CISO focus: Secure Communication Protocols

Sentiment: Strong Positive

Time to Impact: Immediate

*

Cloudflare Enforces TLS for API Security

In a significant push to harden cybersecurity stances and protect data integrity, Cloudflare has announced it will block all unencrypted traffic to its API endpoints, effectively mandating the use of Transport Layer Security (TLS) across its platform. This change forces companies and developers relying on Cloudflare’s services to reevaluate their data transmission protocols and scrap outdated, insecure practices.

Why the Change?

Security Enhancement: By requiring TLS, Cloudflare ensures that all data traveling between clients and servers is encrypted, significantly reducing the risk of interception or tampering by malicious actors.

Global Compliance Push: TLS has long been a standard in secure data transmission. Cloudflare adopting a stricter policy aligns with global cybersecurity frameworks and regulations that emphasize secure communications.

What's at Stake?

This move affects every developer and organization utilizing Cloudflare’s API services. Those who haven’t updated their systems to ensure TLS compliance may face immediate disruptions in service. The implication is clear: adapt to secure protocols or face operational setbacks. Companies must extensively audit their API usage and upgrade their infrastructure accordingly to prevent service disruptions.

Key Benefits of TLS Enforcement

Data Integrity: Ensures that the data packets sent between systems remain unchanged, guaranteeing the delivery of unaltered information.

Privacy Protection: By encrypting communications, it prevents unauthorized entities from eavesdropping, ensuring sensitive data remains confidential.

Authentication: Verifies identity, ensuring that both parties in an information exchange are who they claim to be, thus reducing man-in-the-middle attacks.

Industry Impact

This new mandate underscores a broader industry shift toward more rigorous security practices amidst growing concerns about data breaches and cyber threats. It sets a precedent that may soon become a norm across other service providers, promoting a more secure digital ecosystem. Companies around the world must recognize the urgency and importance of adopting secure communication protocols to remain competitive and compliant.

Telecommunications companies, financial institutions, and large-scale enterprises that heavily rely on Cloudflare’s services are likely the most significantly impacted. However, smaller companies and startups shouldn’t lag in making this change, as it forms the foundation for building secure, trustworthy services.

Immediate Steps for Organizations

Conduct an API audit to identify unencrypted traffic.

Work with development teams to implement TLS across all client-server communications.

Update internal security protocols and training to emphasize the importance of encryption.

Communicate the importance of this security update to all stakeholders to ensure organization-wide compliance.

Future Implications

As more companies like Cloudflare take a solid stance to safeguard data through secure protocols, one can anticipate a cascade of similar actions from other service providers. The cybersecurity landscape may soon see mandatory encryption become a basic requirement for any digital communication. It also sets a tone for future developments in quantum-safe encryption practices and evolving security measures in response to sophisticated cyber threats.

Don't Let Your Data Show Up Naked

In our increasingly connected world, expecting data privacy has become more than just a convenience— it's a necessity. Cloudflare’s decision to block unencrypted traffic reinforces the importance of secure communications as a bedrock of modern cybersecurity strategies. Companies must respond by fortifying their digital infrastructure with robust encryption practices to protect data integrity and cultivate trustworthiness in the digital age.

*

Vendor Diligence Questions

1. How does your API service ensure data encryption in transit?

2. What mechanisms do you have in place to verify the encryption standards of third-party services you integrate with?

3. Can you provide documented proof of compliance with international data transmission and encryption standards?

Action Plan

1. Audit & Assessment: Conduct a thorough audit of all API endpoints to ascertain which traffic is currently unencrypted.

2. TLS Implementation: Deploy Transport Layer Security (TLS) across all communication endpoints to comply with Cloudflare’s requirements.

3. Training & Compliance: Develop a training protocol for developers and IT staff to ensure ongoing compliance with secure transmission standards and regular updates.

4. Vendor Alignment: Engage with cloud and API providers to ensure they adhere to encryption standards and address any vulnerabilities.

*

Source: Cloudflare now blocks all unencrypted traffic to its API endpoints

*

Cybersecurity's Latest Pop Quiz: Can Your Website Pass the Test?

_Welcome to the digital Thunderdome, where websites are either protected like a fortress or taken out like the laundry._

What You Need to Know

A new piece by cybersecurity experts highlights the ten prevalent web security attacks currently jeopardizing online landscapes. Understanding these vulnerabilities is crucial for protecting business assets and customer data. The executive team must prioritize cybersecurity investments and policy updates to mitigate risks. Immediate actions include threat assessments and bolstering existing security measures.

CISO focus: Web Security Vulnerabilities

Sentiment: Neutral

Time to Impact: Immediate

*

In the ever-evolving landscape of cybersecurity, website vulnerabilities represent a formidable challenge. The recent exploration into the ten most common website security attacks presented an alarmingly familiar set of threats that no business can afford to ignore. While the threat landscape continues to mutate, these vulnerabilities remain a constant, posing serious risks to enterprises and their clientele.

The Cybersecurity Rogues' Gallery: Top Ten Threats

1\. Cross-Site Scripting (XSS): Miscreants use XSS attacks to inject malicious scripts into web applications, often affecting a user's browser and compromising personal data.

2\. SQL Injection: This old favorite of attackers can wreak havoc by inserting or "injecting" SQL queries via input data from the client to the application.

3\. Cross-Site Request Forgery (CSRF): In this sly attack, an unauthorized action is performed on behalf of a user who has logged into a web application.

4\. Security Misconfiguration: This is the silent assassin of web security, arising from incomplete or default settings that leave cracks in defenses.

5\. Credential Stuffing: Utilizing stolen username-password pairs, attackers gain unauthorized access to systems.

6\. Man-in-the-Middle (MITM) Attacks: Here, attackers secretly intercept and relay communications between two parties.

7\. Distributed Denial of Service (DDoS): An oldie but a baddie, DDoS overwhelms a targeted site with traffic, rendering it unusable.

8\. Data Breaches: When unauthorized parties infiltrate databases, the results can be as detrimental as a breach, exposing sensitive data to the public or competitors.

9\. Zero-Day Attacks: The modern-day ambush, these exploits attack vulnerabilities unknown to vendors, leaving systems exposed until the flaw is patched.

10\. Remote Code Execution (RCE): As lethal as its name suggests, this attack allows perpetrators to execute arbitrary code on a remote system.

The Most Urgent Threats to Address Now

From user credential theft through phishing and brute force attacks to deceptive cross-site exploits, the landscape is riddled with dangers as intimidating as a pop quiz over a subject you didn't study. XSS, SQL Injection, and CSRF top the list of concerns that demand immediate attention due to their pervasive and destructive nature. These threats not only compromise data integrity but erode consumer trust, which businesses can ill afford.

Transforming Defense: The Digital Armor You Need

Immediate steps must be taken to bolster defenses against these threats. This includes sanitizing inputs to guard against SQL injections and XSS, employing Content Security Policy configurations, and using HTTPS to mitigate MITM attacks.

* Update Software Regularly: Ensure that systems and software servers are routinely patched with the latest updates.

* Use Strong Authentication Mechanisms: Implement multi-factor authentication to counteract credential stuffing.

* Conduct Regular Security Audits: Assess vulnerabilities with consistent security misconfiguration sweeps.

* Educate Your Workforce: Cyber hygiene training can enhance overall resilience to social engineering attacks.

Staying Ahead of the Cyber Curve

The immediate digital environment demands a proactive approach. Cybersecurity isn't a one-and-done act; it’s a continuous cycle of monitoring, detecting, and responding to threats. Implementing comprehensive detection systems like Intrusion Detection and Prevention Systems (IDPS) can significantly lower your risk.

This piece serves as a digital call to arms, inviting cybersecurity teams to educate, adapt, and defend against increasingly sophisticated cyber threats. As we race into the digital future, staying vigilant is the only way to avoid becoming a cautionary tale in the annals of cybersecurity breaches.

*

Vendor Diligence Questions

1. How frequently does your company conduct security audits and vulnerability assessments?

2. What are the specific measures you have implemented to protect against the leading forms of website attacks?

3. Can you provide details on your incident response plan in the event of a security breach?

Action Plan

1. Conduct Security Audit: Immediately perform a full security audit of all web applications to identify and rectify vulnerabilities highlighted in recent findings.

2. Employee Training: Launch a series of workshops to cultivate awareness of phishing attempts and password security practices.

3. Upgrade Security Systems: Invest in advanced security tools, including updated firewalls and intrusion detection systems, tailored to mitigate identified threats effectively.

*

Source: The 10 Most Common Website Security Attacks (and How to Protect Yourself)

*

_CISO Intelligence is lovingly curated from open source intelligence newsfeeds and is aimed at helping cybersecurity professionals be better, no matter what their stage in their career._

_We’re a small startup, and your subscription and recommendation to others is really important to us._

*Thank you so much for your support!(