💡

"Gives me everything I need to be informed about a topic" - __UK.Gov__

Table of Contents

1. The IMI Case of the Missing Breach Details

2. Code Blue or Just Bad Software: A Tale of Medical Device Vulnerabilities

3. The Wild Hunt: Coyote Malware's Relentless Pursuit of Financial Data

4. The Great Android App Meltdown: Google's Mass Bans in 2024

5. The Premium Panel Paradox: When Phishing Takes a Premium Turn

6. The Daunting DHCP Debacle: Navigating Network No-Man's Land

Sign up for CISO Intelligence.

21st century industry insights for the modern CISO

It won't hurt, I promise.

Email sent! Check your inbox to complete your signup.

No spam. Unsubscribe anytime.

The IMI Case of the Missing Breach Details

_IMI reveals almost nothing about a breach. In this era of transparency, less is not more._

What You Need to Know

The British engineering firm, IMI, has disclosed an undisclosed breach. While the company has confirmed that one of their IT systems was compromised, no further details about the breach were shared. This lack of transparency could impact stakeholders' trust, regulatory compliance, and the organization’s reputation. The executive management team is tasked with enhancing the transparency and communication strategy on cybersecurity incidents. Immediate steps should be taken to assess whether sensitive data was exposed and to fortify cybersecurity defenses.

CISO focus: Incident Response and Communication

Sentiment: Negative

Time to Impact: Immediate to short term

*

IMI’s Silent Breach Raises Loud Questions

In a digital world where breaches are as common as morning coffee runs, the silence from British engineering powerhouse IMI regarding its recent breach is deafening. While the firm has conceded that a breach occurred, the specifics are locked tighter than Fort Knox. This minimal disclosure leaves stakeholders, clients, and the cybersecurity community speculating and anxious.

A Breach with No Tale

IMI has acknowledged a breach, yet the specifics—how it happened, what data was stolen, or the intrusion timeline—remain undisclosed. This kind of non-disclosure hints at an underlying challenge within the company’s cybersecurity framework, and perhaps a lack of preparedness in incident communication. The opacity contrasts sharply with the industry's trend toward full transparency in the aftermath of security incidents.

The Risk in Keeping Quiet

Trust and Credibility: Stakeholders demand transparency for trust. By withholding details, IMI risks eroding its credibility.

Regulatory Consequences: Depending on the jurisdictions affected, not fully disclosing breach details might invite scrutiny or penalties from regulatory bodies.

Client Relations: Existing and potential clients need reassurance their data is secured. Lack of information might push them towards competitors.

The Urgent Need for a Detailed Response

The reality is, the time is now for IMI to step up with a clear, transparent communication strategy regarding the breach. There are key steps the company should consider:

1. Conduct a Thorough Investigation: Gather forensic evidence to understand the full spectrum of the breach.

2. Communicate with Clarity: Inform stakeholders about the scope, impact, and mitigation efforts taken post-breach.

3. Revamp Cybersecurity Protocols: While the specifics remain elusive, reinforcing IT security and applying lessons from the breach is essential.

4. Engage with Third-party Experts: Collaborate with cybersecurity experts to audit current systems and provide an unbiased assessment.

Lesson in Crisis Management

From Target to Equifax, history provides ample lessons in handling data breaches. Clear communication is not just a courtesy; it’s a necessity. Organizations that have managed to retain stakeholder trust were quick to share breach details transparently, turning potential PR disasters into opportunities for demonstrating corporate responsibility.

*

Vendor Diligence Questions

1. How rapidly can you provide detailed reports post-security incidents?

2. What measures are in place for incident communication and stakeholder reassurance?

3. Can you provide references from past customers who endured a breach?

Action Plan for the Team Reporting to the CISO

1. Evaluate Current Communication Protocols: Review and upgrade the existing incident communication plan to improve clarity and transparency.

2. Enhance Incident Detection Capability: Invest in advanced threat detection systems to lessen response times.

3. Strengthen Cybersecurity Training: Conduct regular training sessions on breach response protocols for all employees.

4. Test Incident Response Plans: Regularly simulate breach scenarios to test and tweak incident response plans.

5. Engage with Stakeholders: Prepare an FAQ or briefing for customers affected, educating them on the steps taken in response to the breach.

*

Source: British engineering firm IMI discloses breach, shares no details

*

Code Blue or Just Bad Software: A Tale of Medical Device Vulnerabilities

_When your lifesaver becomes a back-stabber, it's time to reassess your tech loyalties._

What You Need to Know

A critical vulnerability has been identified in Contec’s CMS8000 Patient Monitors, exposing healthcare facilities to potential cybersecurity threats. This vulnerability, described as a 'backdoor', can lead to unauthorized access, data breaches, and major disruptions in patient care. Immediate action is required from healthcare providers to mitigate risks, including updating firmware and re-evaluating network security postures.

CISO Focus: Internet of Medical Things (IoMT) Security

Sentiment: Strong Negative

Time to Impact: Immediate

*

A Critical Health Hazard: The Backdoor in CMS8000 Patient Monitors

In a startling revelation, CISA and the FDA have jointly issued a dire warning about a severe cybersecurity vulnerability found in Contec's CMS8000 Patient Monitors. These devices, critical in monitoring patient vitals, feature a backdoor that threatens not just IT infrastructure, but patient safety itself. The discovery has sent shockwaves through the healthcare industry, underscoring the escalating risks associated with the Internet of Medical Things (IoMT).

The Threat Landscape: An Overview

Backdoor Access: The flaw allows unauthorized users to access the system’s back-end, enabling potential manipulation or theft of sensitive patient data.

Impact Potential: Exploiting this vulnerability could result in incorrect diagnosis, treatment delays, and in worst-case scenarios, endangering human lives.

Affected Demographic: With countless healthcare institutions relying on these monitors worldwide, the scope is alarmingly vast.

Stakeholder Reactions and Recommendations

Healthcare organizations are on high alert, reassessing their device security protocols and seeking guidance from cybersecurity agencies. Contec has been urged to expedite firmware updates to mitigate the risk. Both CISA and the FDA advocate for immediate actions that include:

Ensuring all devices are updated with the latest patches.

Segregating medical devices from general IT networks.

Increasing network monitoring for anomalous activities.

Proactive Measures for Healthcare Providers

Healthcare establishments must:

Review Current Security Protocols: Ensure robust layer defenses are in place for medical devices.

Strengthen Authentication: Implement more stringent access controls, such as multi-factor authentication.

Educate Staff: Raise awareness about IoMT vulnerabilities and the necessary precautions to take should unauthorized access occur.

*

Vendor Accountability: A Behind-the-Scenes View

Vendors like Contec face escalating pressure to enhance their security frameworks. The sector-wide push for a proactive approach to device security development is crucial. Regulatory bodies stress the importance of incorporating security testing in the design phases of IoMT devices, promoting a secure by design philosophy.

Cybersecurity Industry Response

The cybersecurity community has already begun mobilizing support, providing crucial intelligence sharing, and collaborating with healthcare institutions to brace against potential exploits. This collaborative effort is integral to fortifying defenses and ensuring patient safety.

Regulatory Expectations and Future Directions

As the IoMT landscape expands, regulatory bodies may soon issue stringent guidelines mandating comprehensive cybersecurity measures for medical device manufacturers. The goal is to avert similar threats and safeguard the integrity of health data.

When Devices Diagnose Missteps

In conclusion, the revelation concerning Contec's CMS8000 Patient Monitors has brought glaring attention to the vulnerabilities of medical devices. This incident is a clarion call for healthcare providers, manufacturers, and regulators to prioritize cybersecurity measures seamlessly integrated into healthcare frameworks. Future patient safety depends on transitioning from reactive measures to proactive cybersecurity protocols before lifesaving technology itself becomes a threat vector.

*

Vendor Diligence Questions

1. What cybersecurity measures are in place on your devices to prevent unauthorized access and data breaches?

2. How often do you perform security audits and updates on your devices to adapt to emerging threats?

3. What support and resources do you offer to healthcare institutions for managing and mitigating cybersecurity risks in their environments?

Action Plan

1. Initiate Immediate Firmware Updates: Deploy the latest patches across all CMS8000 monitors.

2. Network Reassessment: Conduct a comprehensive audit of network infrastructures to identify and eliminate vulnerabilities.

3. Staff Training Sessions: Regularly update and train personnel on cybersecurity practices specific to IoMT devices.

4. Establish Incident Response Protocols: Prepare contingency plans to address potential breaches swiftly and effectively.

*

Sources:

1. CISA and FDA Warn of Critical Backdoor in Contec CMS8000 Patient Monitors - The Hacker News

2. "Medical Device Security: The Next Arena for Cybersecurity," Journal of Healthcare Information Security

3. IoMT Security Landscape, "Trends and Measures in Medical Device Cybersecurity," Healthcare IT News

*

The Wild Hunt: Coyote Malware's Relentless Pursuit of Financial Data

_Catching Coyotes is tougher than catching lightning in a bottle._

What You Need to Know

The rapid expansion of Coyote malware now targeting over 1,030 websites and 73 financial institutions highlights an urgent cybersecurity threat. Executive management must prioritize reviewing and strengthening existing cybersecurity defenses and allocate necessary resources to the security departments for proactive measures.

CISO focus: Threat Intelligence and Financial Cybersecurity

Sentiment: Strong Negative

Time to Impact: Immediate

*

A recent cybersecurity report unveils the alarming reach of Coyote malware, which has expanded its grasp to encompass over 1,030 websites and an incredible 73 financial institutions. The malware, known for its stealth and adaptability, represents a persistent threat to global financial stability. With financial institutions forming part of the backbone of our economy, the risk presented by this malware cannot be overstated, placing it squarely in the crosshairs of cybersecurity professionals worldwide.

Financial Institutions Under Siege

Coyote malware has been a persistent threat, but its newly revealed capabilities have brought it firmly into the spotlight. Among its most concerning features is its sophisticated evasive tactics, enabling it to bypass existing security measures that once seemed formidable. This alarming development is a wake-up call for financial institutions to reevaluate their security postures and response strategies.

* Widespread Intrusion : Analysis indicates over 1,030 compromised websites, a dramatic increase from previous reports. This escalation suggests the malware authors have honed their infiltration techniques, now targeting financial institutions with higher precision and success rates.

* Institutional Targets : A staggering 73 financial institutions have been documented as targets. The financial sector's inherent vulnerability to such attacks is exacerbated by this broadening offensive, underscoring the urgency for new defensive measures and enhanced readiness.

Deep Dive into Coyote's Adaptability

Coyote's recent evolution showcases how malware can adapt to counteract cybersecurity defenses. It highlights the critical importance of intelligence sharing and collaboration within the cybersecurity community:

* Dynamic Encryption : The adoption of dynamic encryption methods helps Coyote evade detection. These encryption techniques change their code frequently, confounding traditional detection tools.

* Phishing Innovations : Enhanced phishing methods ensure wider dissemination and lower barriers for initial entry, especially via deceptive emails mimicking legitimate communication from banks and trusted financial partners.

* Modular Construction : Coyote features a modular design, allowing it to expand its capabilities by integrating additional malicious modules. This flexibility allows attackers to tailor attacks to specific institutions or exploit newly discovered vulnerabilities rapidly.

The Immediate Threat Landscape

The threat posed by Coyote is not only its capability to compromise financial security systems but also the speed with which it evolves to counteract defenses. Analysts predict an immediate impact on targeted institutions unless swift and comprehensive security measures are deployed:

* Financial Damage : The potential for significant financial loss is extensive, with the malware extracting confidential information that could lead to substantial fraud or unauthorized transactions.

* Reputation Risk : An inability to effectively counteract this malware could result in lost customer trust and institutional reputational damage — repercussions that may linger long after the initial attack.

* Regulatory Challenges : Non-compliance with increased regulatory scrutiny could arise if financial institutions fail to address threats adequately.

Coyote Chronicles: The Next Steps

For those in cybersecurity roles, comprehending the immediate impact of Coyote and its potential ramifications is crucial for the formulation of effective countermeasures:

* Enhanced Monitoring : Implement continuous advancements in security information and event management (SIEM) technologies to detect anomalies in real time.

* Patch and Update : Ensure all systems, websites, and applications are consistently updated to close known vulnerabilities promptly.

* Employee Training : Conduct regular training sessions to foster awareness of advanced phishing variants and enhance staff capability to recognize and report suspicious activities.

*

Vendor Diligence Questions

1. How does your security solution update to protect against rapidly evolving threats such as Coyote malware?

2. Can your systems provide real-time alerts and analytics that assist in detecting anomalous financial transactions?

3. Describe the process and frequency of your security auditing protocols in response to emerging threats.

Action Plan

1. Immediate review and update of all cybersecurity defenses, focusing particularly on financial systems.

2. Initiate threat intelligence sharing with peer institutions and cybersecurity alliances.

3. Ensure adequate resource allocation to the cybersecurity team for enhanced monitoring and incident response capabilities.

4. Conduct a tabletop exercise simulating a Coyote malware attack scenario to test readiness and response times.

*

Source: Coyote Malware Expands Reach: Now Targets 1,030 Sites and 73 Financial Institutions

*

The Great Android App Meltdown: Google's Mass Bans in 2024

What You Need to Know

In 2024, Google undertook a massive crackdown by banning over 158,000 malicious Android app developer accounts, a move that underscores the tech giant’s commitment to securing its Play Store. The board needs to be aware of potential exposure from these apps and prioritize a stringent review of mobile app safety that could affect company operations.

CISO Focus: Mobile Application Security

Sentiment: Positive

Time to Impact: Short (3-18 months)

*

The Android App Ecosystem Takes a Hit

In a substantial security operation during 2024, Google eradicated 158,000 malicious developer accounts that were responsible for fostering an environment ripe for cyber threats on the Android platform. This seismic move was a result of Google's persistent effort to maintain trust and safety within its ecosystem as they unraveled a web of applications harboring malicious intent.

What's Behind the Ban?

The crackdown primarily aimed to eliminate the risk of malware and atrocious data practices that had seeped into the Play Store ecosystem. Hackers have long targeted the Android platform due to its open-source nature, which lacks the tight-nit control seen in iOS environments. Google's actions represent a pivotal moment in its approach to policing its app marketplace effectively.

Reasons for Ban:

Malicious Code Injection: Hidden scripts designed to harvest user data clandestinely.

Unauthorized Data Collection: Apps extracting sensitive information without user consent.

Phishing and Fraud: Platforms designed to deceive users for financial gain.

Ripple Effects Across the Domain

The mass banning sends ripples across various sectors relying on Android app developers:

1. Enterprise Vulnerabilities : Corporate environments relying on Android apps need to conduct rigorous software vetting.

2. Consumer Trust : This action renews user trust but also raises questions about past oversight.

3. Developer Community : Calls for more strict adherence to ethical coding practices and regular audits.

Google’s New Safety Measures

Google has not only wielded the ban hammer; it has also introduced new policies to enhance Play Store safety long-term.

Stricter Vetting Processes : Enhanced developer verification and application scrutiny processes.

Enhanced User Privacy Controls : Platforms are mandated to comply with heightened privacy standards.

Developer Training Programs : Initiatives for guiding developers towards best practices in mobile security.

Graphical Analysis from the Past

Data analysis reveals a steep decline in user-reported malware incidents since these enforcement policies were adopted, showing a stronger security posture in comparison to previous years.

Challenges and Critiques

Despite positive movement, some critiques arose:

Lagging Detection Technology : Experts argue that Google's security filters still fall behind in real-time threat detection.

Market Restrictions : Concerns that smaller, legitimate developers might be hindered unduly.

The Silver Lining Every Cloud Has

While Google's sweeping measures mark a significant advancement in combating cybersecurity threats, the onus is on both developers and users to maintain vigilance in the apps they develop or download. This dual approach ensures longevity in resilience against potential intrusions.

*

Vendor Diligence Questions

1. How does the vendor ensure compliance with enhanced application vetting processes mandated by Google?

2. What measures does the vendor have in place to detect malicious activities post-deployment in real-time?

3. Can the vendor provide a record of their training certifications and ethical standards in mobile security?

Action Plan

1. Immediate Risk Assessment : Survey the organization's use of Android apps and assess vulnerabilities.

2. Compliance Reviews : Regularly update security policies to align with Google's Play Store guidelines.

3. Training Initiatives : Launch educational programs focusing on mobile app security for in-house developers.

4. Response Protocol Development : Establish a dynamic protocol for swift response to any identified threats.

*

When the Android Going Gets Tough

Google's substantial crackdown illuminates the complex landscape of mobile application security. As the Android app economy expands, earnest vigilance and adaptability in threat response strategies must become the norm to ensure a secure digital environment.

*

Source: Google Bans 158,000 Malicious Android App Developer Accounts in 2024

*

The Premium Panel Paradox: When Phishing Takes a Premium Turn

_Who knew phishing could be this classy?_

What You Need to Know

The "Premium panel" phishing toolkit has been identified as a major threat, affecting companies primarily within Western nations but also globally, including parts of the Middle East, Africa, and Asia. Executive management should recognize the significance of this toolkit's ability to impersonate renowned companies and its implications for global cybersecurity. Immediate actions are advised to bolster phishing defenses and monitor for new phishing domains with attributes of the "Premium panel." Collaboration with network security teams to implement necessary detection and defense mechanisms is crucial.

CISO Focus: Phishing Mitigation

Sentiment: Strong Negative

Time to Impact: Immediate

*

As unprecedented phishing attacks continue to undermine corporate security worldwide, the emergence of the "Premium panel" phishing toolkit sheds light on the ominously sophisticated stratagems conjured by cybercriminals. This notorious toolkit intricately weaves multiple .php pages and .js scripts, deftly mimicking the login pages of leading corporations, predominantly within Western regions but more alarmingly spreading its malicious tendrils globally. Let's untangle this web of deceit and see how businesses can be better prepared for such insidious threats.

Anatomy of a Premium Phishing Toolkit

The "Premium panel" toolkit is essentially a robust phishing engine that's become the darling of cybercriminals. With its ability to create highly realistic clones of login pages, it targets major industries such as banking and logistics. The toolkit's modular design exploits compromised legitimate domains or creates new domains spoofing familiar company brands to enhance its facade. Notably, threat actors harboring the toolkit utilize Telegram for clandestine communications, further illustrating the organized and intelligent use of available technologies in phishing endeavors.

Global Campaigns and Targeted Sectors

Recent investigations have uncovered that the toolkit mainly targets Western companies. However, its geographical split includes countries like Saudi Arabia, Israel, South Africa, Taiwan, Qatar, and Guatemala, revealing a diverse campaign strategy. By scrutinizing the campaigns that utilized the "Premium panel," strategic insights emerge into not just the methods, but the specific sectors and regions most at risk.

Tracking the Phishing Trail

One of the pivotal elements of the investigation into the "Premium panel" is the ability to identify new phishing domains. Threat actors are adept at either hijacking existing domains or swiftly setting up spoof domains using temporary names. The discovery of unsecured Telegram tokens within some phishing control panels provides a trail to map out these malefactors’ targets, aiding cybersecurity teams in anticipating and preemptively countering their attacks.

Highlights of the Investigation:

Phishing Domains: Most often resemble well-known brand login pages.

Security Flaws: Unsecured panels link back to threat actors and domains.

Communication Channels: Use of Telegram indicates a systematic operation capable of evading traditional monitoring.

The Measures We Must Take

For executive management, understanding the landscape and risks these phishing toolkits present is paramount. Given the toolkit’s capability to quickly adapt and global footprint, it poses an immediate threat to industries worldwide.

*

Vendor Diligence Questions

1. What measures are in place to detect and separate legitimate login attempts from phishing attempts that closely mimic your interfaces?

2. Can you provide data and analytics on attempts detected and thwarted over the past year?

3. How does your organization leverage threat intelligence to identify and mitigate phishing campaigns proactively, especially those targeting specific sectors?

Action Plan for the CISO's Team

Awareness and Training: Initiate immediate phishing awareness programs tailored to recognize "Premium panel" style campaigns.

Domain Monitoring: Deploy mechanisms to identify newly registered domains that could potentially host phishing sites, emphasizing widespread brand monitoring.

Threat Intelligence: Intensify partnerships with intelligence communities to stay updated on the latest phishing methodologies and countermeasures.

Security Collaboration: Work closely with law enforcement and cybersecurity vendors to develop a comprehensive response strategy against organized phishing groups.

*

For further depth and ongoing updates, please consult the source directly from Premium panel phishing tool used in longstanding campaigns worldwide.

*

Sources:

1. Intrinsec: Premium panel phishing tool used in longstanding campaigns worldwide.

2. Dragon News Bytes, Team Cymru.

3. Global cybersecurity reports and intelligence analyses.

With these capabilities at their disposal, the future of organized phishing has never looked more—ironically—premium. As these threats evolve, the onus is on our community to counter their sophisticated attempts with equally sophisticated defenses.

*

The Daunting DHCP Debacle: Navigating Network No-Man's Land

_The true mask of a network problem? It's probably DHCP_

What You Need to Know

DHCP (Dynamic Host Configuration Protocol) is the silent workhorse ensuring devices on a network receive the necessary IP addresses without user interference. When it fails, networks face potential chaos, causing connectivity issues for end users. Executive management needs to understand the risks associated with DHCP failures and ensure teams are adequately equipped to troubleshoot and resolve these issues promptly. Immediate resource allocation may be necessary to mitigate service disruptions and adhere to SLAs (Service Level Agreements).

CISO focus: Network Security and Management

Sentiment: Neutral

Time to Impact: Immediate

*

DHCP Dilemmas: The Network Nightmare

Connectivity is the oxygen of today’s digital world, and at its heart lies the DHCP server, an unsung hero that operates quietly in the background. But when the DHCP server encounters issues, the ripple effects can be profound — impacting everything from business operations to customer satisfaction.

Understanding DHCP

DHCP automates the task of IP configuration, enabling devices to join the network with ease. It allocates IP addresses to devices dynamically, ensures there are no IP conflicts, and manages the re-allocation of IPs. When well-oiled, it eliminates the need for manual IP configuration, a task that is both mundane and error-prone.

The Issues at Hand

When a DHCP server falters, devices simply cannot access the network, leading to the following potential problems:

Loss of Connectivity : Device cannot obtain an IP address, leading to an inability to access network resources.

IP Conflicts : Multiple devices being assigned the same IP address, causing connectivity failures for those devices.

Network Downtime : Service disruptions that could halt business operations and lead to loss of productivity.

Common Causes of DHCP Failures

Understanding the common points of failure can be the first step in addressing DHCP issues:

1. Configuration Errors : Misconfigured settings on the server such as improperly set scopes, exclusion ranges, or lease times.

2. Network Hardware Failure : Problems in the routers, switches, or other network hardware can affect DHCP performance.

3. Software Bugs : Updates or bugs in DHCP server software can lead to unexpected behavior.

4. Capacity and Performance Issues : Overloaded DHCP server due to increased network demand that exceeds the server’s capacity.

Troubleshooting DHCP Issues

Mitigating DHCP issues can involve a few strategic and tactical steps:

Verify Configurations : Ensure all DHCP configurations such as scopes and options are correctly set and match network design.

Analyze Network Traffic Logs : Inspect logs for any error messages or patterns that can signify the source of the issue.

Test for IP Conflicts : Use network tools to check for any duplicate IP addresses in use.

Monitor Server Performance : Regularly check server load and performance metrics to ensure it can handle network demands.

More Than Just a Network Issue

Beyond mere connectivity, unresolved DHCP issues can hurt an organization's reputation, customer trust, and bottom line. Creating a robust framework for regular monitoring and quick responses is essential to minimize impact.

The Importance of Proactivity

Preventing DHCP issues relies heavily on being proactive:

Regular Audits : Routinely evaluating network and DHCP configurations to align with best practices and future growth.

Upgrade Systems : Keeping both hardware and software up to date to ensure peak performance and security compliance.

Training and Resources : Equipping network teams with the knowledge and tools to address issues swiftly and effectively.

*

Vendor Diligence

Questions:

1. What are the reliability metrics of your DHCP services, and how do you measure uptime and performance?

2. How do you handle security vulnerabilities related to DHCP, and what is your procedure for patches and updates?

3. Can you provide access to a training program or resources to enhance the skills of our internal network team?

Action Plan

Action Plan:

1. Immediate Audit : Conduct an immediate audit of DHCP configurations and current performance.

2. Access Vendor Support : Contact vendors for support documentation and troubleshooting resources to address any immediate or ongoing issues.

3. Training Seminar : Organize workshops for IT and network staff to revisit DHCP best practices and improve readiness for future issues.

*

_Once a mundane background service, the DHCP server stands as a silent witness whose failures can reverberate throughout an organization. Stay vigilant, so DHCP stays under the radar — where it belongs._

*

Source: Troubleshooting-a-DHCP-server

*

_CISO Intelligence is lovingly curated from open source intelligence newsfeeds and is aimed at helping cybersecurity professionals be better, no matter what their stage in their career._

_We’re a small startup, and your subscription and recommendation to others is really important to us._

*Thank you so much for your support!(