Combadges, SISENSE, Microsoft, CISA, Lastpass, Palo Alto, Broadband, Aaran and More - SWN #377

by Security Weekly Productions

About This Episode

30:44 minutes

published 1 month ago

English

© 2024 CyberRisk Alliance

Speaker 1 (0s - 23.76s)

It's the Security Weekly News, and it is episode 377 on Friday the 12th of April 2024. We've got combadges, Sisense, Microsoft, Malware Next-Gen, LastPass, Palo Alto, broadband, Aaran Leyland, and more on this edition of the Security Weekly News.

Speaker 3 (29.08s - 35.2s)

This is a Security Weekly production for security professionals by security professionals. Please visit securityweekly.com forward slash subscribe to

Speaker 0 (35.2s - 46.64s)

subscribe to all the shows on our network. It's the show that keeps you up to date on the latest security news twice a week.

Speaker 3 (47s - 50.38s)

Your trusted source for accurate security information and expert analysis.

Speaker 1 (50.74s - 53.08s)

It's time for the Security Weekly News.

Speaker 2 (53.88s - 84.26s)

On Business Security Weekly, each week we address the challenges facing CSOs through our guest interviews, including former and active CSOs. Our new segment is focused on leadership and communications to better help security leaders translate and communicate security risks into business risks. Jason Albuquerque, Ben Carr, Tyler Robinson, and others add their expertise to the conversation. I'm Matt Alderman, and I hope you search for Business Security Weekly in your favorite podcast catcher. And subscribe to download our latest content.

Speaker 1 (86.6s - 1052.3s)

All right, it's the Security Weekly News from the island of Elba. I'm Doug White. Welcome to the show. So CISA, and that's the United States cybersecurity organization, and I know most of you know that, but we do have a lot of international viewers, so I always try to make sure we know where we're talking about. But CISA issued an emergency directive, which orders U.S. federal agencies to mitigate risks that have resulted from the Microsoft breach. So we've talked about the Microsoft email breach on numerous occasions. But the Microsoft breach has been attributed to APT-29 or Cozy Bear or Midnight Blizzard or whatever you want to call it, but the call it kind of stuff. But, of course, that's the Russian Foreign Intelligence Service in St. Petersburg, right? So CISA said that Russian Foreign Intelligence Service operatives are now using information stolen from Microsoft to gain access to certain customer systems. Microsoft and CISA have already notified all federal agencies whose email correspondence with Microsoft was stolen by the Russian attackers. The new directive marks the first time that the U.S. government has confirmed that federal agency emails were exfiltrated in the Microsoft breach, which occurred back in January. CISA has now ordered affected agencies to identify the full content of the agency correspondence with compromised Microsoft accounts and perform a cybersecurity impact analysis by the 30th of April. Per the emergency order, anyone who detects signs of authentication compromises is required to, one, take immediate remediation action for tokens, passwords, API keys, and other authentication credentials known or suspected to be compromised. And two, for any known or suspected authentication compromises identified through action one, by the 30th April, reset the credentials in associated applications and deactivate associated applications that are no longer of use to the agency.
And two, review sign-in token issuance and other account activity logs for users and services whose credentials were suspected or observed as compromised for potential malicious activity. Wow. I mean, basically what they're saying is you need to reset all your passwords, renew all your tokens and roll over everything. The entire thing began back in January when Microsoft revealed that APT-29 had breached their corporate email servers with a password spraying attack, which led to the compromise of a legacy, all sounds very corporate-ese to me, but legacy non-production test tenant account that was not using MFA, but did just happen to have access to OAuth apps with elevated privilege. Yow. So, you know, clean that stuff up for sure, everybody. But that basically let Cozy Bear access and steal data from corporate mailboxes. And then they've turned around and started using all that information to both do phishing, to try to access other accounts and so forth. So a very nasty thing. I guess the lesson here is that regardless of whether you're a federal agency or not, you might want to consider this. Theoretically, you've been notified, but does that mean that they got it all? It always worries me. CISA also alerted Sisense's customers to reset credentials and secrets, which were potentially exposed in a breach of Sisense's AI-based data analytics service. So Sisense, if you aren't familiar with them, develops analytics software for tel. This is one of those companies that you've never heard of that you probably should have heard of. I mean, they develop analytics for telcos, airlines, all the big tech people. And it's one of those really, really big companies you never heard of, but that's kind of how they like it, I think. And that's, of course, how supply chain attacks work. So if everybody's using your product, you know, why not target those people back upstream and then use it to go downstream?
The belief here is that this may be the beginning of another large-scale supply chain attack and/or evidence of a big supply chain attack. Brian Krebs originally posted a note which was sent by the CISO, which urged customers to rotate any credentials that they use with Sisense all the way back on the 10th of April. So that was when that Brian Krebs story, apparently there's not much information on this breach at this point, but that in order for CISA to actually issue an alert on this, which they did. So somebody knows something somewhere, right? I mean, they're just not telling you all the details because they probably don't want anybody to see how to do this or whatever was done. So if you're connected to Sisense or, well, you know, we cite Augustus De Morgan and Jonathan Swift all the time, you probably should go get your credentials rotating in order. Yeah. Now, as long as we're doing the CISA show today, CISA also released their threat hunting and internal malware analytics system for public use this week. This system is called Malware Next-Gen, if you haven't heard of it already. And it is now available for any organization to submit malware samples or other suspicious artifacts for analysis. And that will allow CISA to be more effective. So information sharing has always been one of the big initiatives behind all this stuff since it began, actually. I mean, I remember the very first information sharing initiatives and everybody in corporate going, no, no, no, but that's sort of changing. Malware Next-Gen has been available to .gov and .mil users since last November, and there's already more than 400 registered users, and they've submitted about 1,600 files since then.
The system identified 200 suspicious or malicious files and the URLs and those were shared with all the partners. The malware analysis is performed with a combination of static and dynamic analysis tools in a secure environment and the results are available in PDF or STIX 2.1 formats to you. You do have to create an account, and I couldn't exactly see if they still had restrictions on who could actually create accounts here, but it does appear that most anyone can register. So if you're interested, there's links in the articles, or you can just go to the CISA site and find that. I would recommend that you do it. Submitting anything you think is suspicious, it helps everybody. You know what I hate about vaults, especially password vaults? Well, the whole idea that there's this place for all this valuable stuff is stored just makes it a big, juicy target, right? I mean, you know, it's just like putting up a sign that says lots of money in this box. But LastPass, which is a very, very well-known password vaulting service, revealed that attackers had targeted one of their employees in a voice phishing attack, which used a deepfake audio to pretend to be Karim Toubba, who's the CEO of LastPass. Now, the good news is that for once, the employee being targeted didn't fall for it. Now, why did they not fall for it? You know, when the CEO calls you and demands that you work this weekend scrubbing their yacht, you tend to respond, right? I mean, I know when my boss or my boss's boss or my boss's boss's boss's boss calls, you know, and gives me an email or a message, I get a little interested in like, you know, responding to that. But the contact came from WhatsApp. And well, the person that was being contacted thought this was an odd channel for the CEO to use to communicate and so therefore chose not to listen.
LastPass said that the attack failed and there was no impact on LastPass or its users. The company still chose to share the details of the incident to allow others to benefit from the warning. They believe the AI deepfake voice was trained using publicly available audio recordings of the CEO. And like a lot of us, you know, not that I have any authority, so nobody cares about my voice, but, you know, a lot of people have public speeches, public, you know, blogs and all kinds of stuff. So be warned. Some specific advice was shared by the U.S. Department of Health and Human Services last week, which basically said that you need to put a better policy in place to validate incoming requests. I mean, when the CEO calls you and demands that you transfer money, and we've seen these kind of attacks a lot, asking people to put a different account number and so forth, well, that's probably not going to work if the demand is ridiculous, but these things are getting more nuanced. They're starting to realize that when you call up in badly, you know, broken English and tell people to transfer money into your bank accounts, people tend to say, I don't think so, Bob. But when it comes from your boss or your boss's boss and they're asking you for reasonable things, you know, so you may need to put some kind of, you know, callback mechanism in order to validate that, you know, in order for the launch to go through, you know, go watch Dr. Strangelove if you want to see what happens when you don't have enough controls in place and a very dedicated pilot in the form of Slim Whitman. Yeah. But, I mean, regardless, start thinking about how do we validate, I mean, if the president of the university called me, I wouldn't, I would think something is suspicious. I've never been called by the president of the university. On the other hand, if my boss called me and, you know, and left a voicemail saying, please go do this, you know, how do I know that was them now?
Yeah. Well, Microsoft released the largest Patch Tuesday update anybody can recall. 147 patches were rolled out on the April Patch Tuesday event. Now, only three of those patches were rated as critical, although it turns out they were pretty critical. Two of the flaws that were patched were being actively exploited. So they, you know, initially that I think they sort of played this down, but they basically then said, no, there's some that are being actively exploited. The last time more than 100 CVEs were patched at once was in October of 2023, which was not that long ago. I mean, it's just, you know, it never ceases to amaze me how many flaws are found in these things, but, you know, it's just every month they patch so many things. One of the critical flaws that they patched this time was a SmartScreen prompt security feature bypass flaw, which was reported as being exploited in the wild by ZDI. There's a whole list of patches here, but you do probably want to be sure you're getting these patches in place before somebody comes looking for your stuff since there are some critical zero days there. All the flaws that were rated as critical were related to Microsoft Defender for IoT, which is scary enough. But 40 of the patches were related to the SQL server, and all of those had relatively high CVSS scores. I think most of them required an authenticated user or whatever. But still, you know, if your SQL server is getting compromised, that's pretty bad. The typical score on that one was 8.8. Microsoft listed, they put their own terminology on everything, but they listed them as, quote, exploitation less likely. I'm like, less likely than what? But regardless, that's their terminology. The issues revolved around how you connect to SQL Server rather than the actual SQL server product itself.
So if you're using any of those products, you may want to check that out and ensure that you've patched up. 24 vulnerabilities were patched in Windows Secure Boot. You know, and if you, you know, if you've watched Paul's Security Weekly, you know that they talk about that kind of stuff a lot. And, of course, secure boot is what keeps you from getting persistent malware that survives the reboot process. And so, you know, yeah. So patch and patch often and maybe patch some more after that. Palo Alto Networks is warning that a critical flaw in PAN-OS, which is on their GlobalProtect gateway, is being exploited in the wild. The issue has, wait for this one, a CVSS score of 10. Yeah, 10. That indicates in industry parlance that it's, well, really, really bad. The CVE is a, this one is a command injection vulnerability in the GlobalProtect feature of Palo Alto Networks' PAN-OS software and may allow, and wait for this one, an unauthenticated attacker to execute arbitrary code with root privilege on the firewall per the company's advisory. That tells you how bad that one is, right? I mean, they're basically saying not only is the call coming from inside the house, but, you know, the person has a giant meat axe and they're coming looking for you right now. This is bad. The flaw affects multiple versions of the PAN-OS, but Palo Alto said that the issue is only applicable to firewalls that have the configurations for both GlobalProtect gateway and device telemetry enabled. So if you're, if you are using Palo Alto firewalls, you may want to check this article out. They had a lot more detail about exactly what to look for and how to check these things. Volexity was reporting, when they found the report and reported the flaw, Palo Alto said that they were aware of a limited number of attacks that leveraged the exploitation of this vulnerability.
The flaw hasn't been patched, but Palo Alto recommended customers with a threat prevention subscription should enable threat ID 95187 to secure against a problem. I guess if you don't have a threat prevention subscription, you're just out of luck. I don't know what that means. I don't have any Palo Alto products, so I'm not familiar with that. The Federal Communications Commission in the United States, which is called the FCC by most of us, has put a new rule in place for broadband providers that started yesterday. As of Wednesday of this week, broadband providers must publish a, quote, nutrition label to provide consumers information about hidden costs. And we all, I think all of us are familiar with ISPs trying to sell you things. And, you know, they never tell you the whole story. You know, it's like that airfare that you look at. I was just looking at all these airfares. And, you know, it says $459 round trip to Tokyo. And you go, wow, that's pretty good. But then you pay the seat fee, the boarding fee, the baggage fee, the overhead bin fee, the toilet fee, the meal fee, the drink fee, and oh, you actually wanted a seat fee, the no snakes fee, the no-B.O.-zone fee, and the special zone where people are not allowed to take off their freaking shoes on a plane fee. Look, folks, keep your shoes on, all right? I mean, you may think that your sweaty feet that smell like rotting diapers and malt vinegar actually smell like roses and doesn't bother anybody else. But look, I don't want to smell or see your feet, okay? I don't care how hot you are. Keep your feet to yourself. Your feet smell bad. Since you just spent two hours slogging through security and swamp-like conditions and maybe store anchovies in your shoes. You know, keep your damn shoes on. Are you born in a barn? Anyway, the new labels require that broadbands lay out any fees you may encounter under their service plans.
If the broadband provider is not displaying a label or has inaccurate information about their fees, you can file a complaint with the FCC, and they can actually fine them. I don't know if they will, but they can. The labeling requirement is now in effect for any providers with more than 100,000 subscribers, but smaller providers will have until October to comply. I don't know why it takes so long to put this up, but apparently. Monetary penalties can be imposed if they fail to comply. Comcast says it is providing the labels in accordance with the new FCC requirement, but that the monthly price on the labels may be different from what it advertises. Imagine that. Now, while that sounds really bad, they qualified this by saying that the label price was higher because it did not reflect discounts and promotions that users may have. I mean, you know, that always sounds real snaky to me. I would pay to sit in a no bare feet, no nail clipping, no garlic blood sausage with ansoie sauce, no massive perfume or B.O. and so forth zone on most planes. But good luck with that. Well, I'm his witness and he's my mutineer. It's Aaran Leyland, fresh back from the slopes of France, and still having all of his limbs, it would appear, although I can't quite see his left arm. So, you know, it could have been a really great ski outing. Hi, Aaran.

Speaker 0 (1053.24s - 1176.82s)

Hey, Dr. Doug. How's it going? Happy to be back. I think the Windows updates slowed down my computer to the point of nearly stopping today. But hopefully we can keep rolling. I'm not blaming you, Microsoft. It's just the world around you. Okay. Let's get straight into this. Today is an article from Hackread, 12 paid and free OSINT tools that you should know. Okay, what are OSINT tools? OSINT tools are software applications or platforms that help you collect, analyze and interpret publicly available information from various online sources. OSINT stands for open source intelligence, which refers to the process of using open and accessible data to generate insights and support decision-making processes. OSINT tools can aid in investigations, research and intelligence gathering, as well as in verifying facts, identifying trends and uncovering hidden connections. Sounds super cool, doesn't it? Okay, so what are some of the benefits of OSINT tools? In the article, they explore 12 paid and free OSINT tools that are publicly available and can be very useful when utilized properly and for appropriate reasons, like everything that we do in the hacker, white hat, whatever world we do live in anyway. I will add my honourable mentions at the end and links to the story and my extras in the show notes. Okay, EpicVIN. EpicVIN is a website dedicated to providing detailed vehicle history reports based on a vehicle's VIN. This is obviously in America, right? So Doug talking about it, global or aliens. Go check out American vehicles, guys. So vehicle identification number or license plate. Established in 2012 and headquartered in Miami, Florida. The platform offers paid results with three packages starting from 1499 for one report and seven pound and four cents. How crazy is that for four reports and five 40 for 16 reports. A lot of detail there,

Speaker 1 (1176.86s - 1182.24s)

Hackread, good work. Anyway, Shodan. Everybody loves Shodan. And if you check sometimes a year,

Speaker 3 (1182.24s - 1185.34s)

you can get Shodan life membership for quite cheap, actually.

Speaker 1 (1186.22s - 1205.28s)

Shodan is essentially a search engine for internet connected devices. Anybody that's done a hacker course has seen Shodan. It allows users to discover various types of devices from routers to security cameras to servers and that are connected to the internet, providing valuable data about security of these devices and potential

Speaker 0 (1205.28s - 1225.04s)

vulnerabilities. It says here Shodan is available in free and paid packages. There's definitely a package there that comes up now and again that you can just have lifetime access for it, and, um, it's probably quite gray, a lot of gray area in the law, a lot of things you can see on Shodan, but if you use properly and legally, it's pretty awesome.

Speaker 1 (1228.78s - 1229.12s)

Okay, Telegago is a free Google-based search engine for Telegram.

Speaker 3 (1232.16s - 1232.36s)

The tool can be used to search for public Telegram channels.

Speaker 1 (1232.98s - 1246.92s)

That's so cool. Groups or content, leveraging Google search capabilities, helps users find Telegram-related information or discussions more efficiently than searching through Telegram's own search features. That's just so cool. That's just so cool.

Speaker 0 (1247.24s - 1445.44s)

There's just so many cool things about that. Okay, number four, GHunt. GHunt is a free OSINT tool designed to extract information from any Google account using an email address. The data that GHunt can gather includes Google ID, owner's name, public photos, phone models, phones, firmware, installed softwares, Google Map reviews, crazy, possible physical location, possible YouTube channel, possible other username, events from Google Calendar, if the account is a Hangouts bot, last time profile was edited, activated Google services, just go over there and have a look at that and play with it. I haven't actually played with that, but it sounds like super cool and really illegal. But anyway, FOCA, that's a cool name, innit. Fingerprinting Organizations with Collected Archives is a free OSINT tool used primarily for security auditing. It's designed to help security professionals analyze the domain security by finding metadata and hidden information in the documents they make available on their websites. FOCA, such a cool name, is popular among penetration testers and cyber security professionals for its ability to uncover information that can help in the early stages of security audit or penetration test. It provides insights that can guide further testing and exploration, including document analysis, metadata extraction, mapping and more. Super cool. ScopeNow is a paid analytical search engine in the discovering and compiling digital identities from public available data. It's like, it's so cool. All of these just sound like they should be illegal or spies or something. The platform uses various algorithms to aggregate information from social media websites and other online sources to create profiles that can be used for background checks, investigative purposes and risk assessment.
This can be particularly helpful and useful for professionals in law enforcement, fraud prevention and corporate security to obtain insights in the individual's online presence and behaviors. Maltego, as another one, if you've done a hacking course, you've probably done some of this, is a powerful tool for performing real-time data mining and information gathering, as well as the visualization of the information in graph format, who doesn't love a graph. Ideal for investigative purposes, it helps in identifying relationships and real-world links between pieces of information from various sources located on the internet. Maltego, according to this, is available in free and paid packages. Metagoofil, which is a metadata extraction tool that's used to analyze metadata in public documents. Go for it. It sounds cool. Recon-ng is a full feature free web reconnaissance framework written in Python. We love Python. It provides a powerful environment in which open source web-based reconnaissance can be conducted quickly and thoroughly. Recon-ng has a look and feel similar to the Metasploit framework, reducing the learning curve significantly. You'll have done that on a hacker course as well. theHarvester. theHarvester is a free OSINT tool for gathering email accounts, subdomain names, virtual hosts, open ports, banners and employee names from different public sources through search engines, key servers. This tool is particularly useful in early stages of penetration test. They understand the human element of cybersecurity,

Speaker 1 (1445.72s - 1446.52s)

which is massive, right?

Speaker 3 (1446.94s - 1448.08s)

This one's so cool.

Speaker 1 (1448.14s - 1474.68s)

I don't even know if we have this in the UK. This is obviously an American one. I think we just lost Aaran. So, okay, we'll just wrap this up then. Don't know what happened. Hopefully London's still there. It wasn't one of those unusual events or, you know, that Russian stormtroopers are landing in the streets or what have you. But I don't know if he's coming back or not. Oh, hi, Aaran. Are you back?

Speaker 0 (1475.22s - 1476.58s)

I don't know what happened there.

Speaker 3 (1477.04s - 1477.88s)

Well, you can wrap.

Speaker 0 (1478s - 1478.52s)

You can wrap up.

Speaker 1 (1478.52s - 1482.84s)

My right-hand side and the Riverside thing was blank.

Speaker 0 (1483.36s - 1484.34s)

I was just vamping.

Speaker 1 (1484.5s - 1486.18s)

So you want to finish what you were talking about?

Speaker 0 (1486.96s - 1581.6s)

Okay, I'll carry on. Okay, in at number 11, Arrest.org. Arrest.org is a free website aggregating booking and arrest records from various public law enforcement agencies across the United States. This site typically displays mugshots, personal information, such as age and gender. It just sounds like Tinder for interesting people, right? And details of the charges against the individuals listed. These records are pulled up from publicly available sources such as County Sheriff's offices and police departments. And the last one for their ones, OSINT Framework, not a tool in itself, but rather a free collection of OSINT tools for specific purposes. Okay, so some of my honorable mentions, go over and have a look at SpiderFoot, have a look at Hunchly, have a look at Talkwater, Walker even, Talkwalker. And of course, my favorite, everybody should be doing this if you're in the OSINT. Have a look at Google Dorks. So, okay, that's, and Bellingcat, that's another one that just come to my head. That's like a really cool website of investigative journalists that look into all cool stuff. So in conclusion, OSINT tools are valuable and powerful instruments that can help you access and analyze a wealth of information. All good there. Hopefully, my computer and Microsoft will stop giving me bugs. We'll go back to Dr. Doug in the studio, who's the OSINT captain of this ship. Ahoy and sail away, please, Dr. Doug. Thank you, Aaran.

Speaker 1 (1583.04s - 1834.12s)

And finally, you know you want a combadge, right? I mean, everybody wants a combadge. You want to be able to go like, Riker, what's that burning sensation I feel? You know, that kind of thing? Yeah, you know that. Three to beam up, all that. I mean, at least that's how all of it works in my Star Trek erotic fanfic. But the Humane AI pin. So this was a big deal that came out last year. They didn't get released, but they debuted it. They talked about it. And it's supposed to be the beginning of some kind of wearable AI revolution and in how we all interact with the world around us and everybody else. Now this pin, and I'm going to put pin in air quotes, because from the looks of it, it's a little bigger than a pin. It's sort of off in the realm of like your great-grandmother's brooch, brooch, brooch. How do you say that brooch? B-R-O-A-B-R-A-Broche, right? I have problems with these kind of words. But I can't say the name Joyce either. I have problems with it. But, you know, my great-grandmother always see these big pendant things that were like, you know, the size of flip phones. Yeah. This thing costs $699 and you have to have a $24 a month subscription. And I don't even know if it must be like Wi-Fi enabled or something. But it, well, it looked like one of those pocket calculators they were selling back in the 1970s. But apparently you pin it to your clothing like a combadge. Riker, you know, get back down here. But anyway, I mean, what it is is a small, wearable chatbot. So that's the point of it, I guess. The developer called it your second brain. And the pin has a mic and a camera, and it's powered by an OS named Cosmos. It apparently has vision capabilities and can make calls, send text, take photos, or play music, and it can also display images on the palm of your hand. So this was the big deal about this, was it projected stuff onto the palm of your hand. So you were able to read text and things like that.
So that was kind of an interesting idea. The only user interface that it has is the tap and talk combadge method. So just like combadges, right, you tap it and you talk. So it is a combadge. But much like Zefram Cochrane's first flight, it's apparently not got all the bugs worked out so far. Reviewers were saying things, I guess these were early release reviewers. They were saying things like this one, quote, I asked a device to play a Beyonce song, and the device went on a diatribe explaining Humane's back-end instructions for the AI when someone asks for music. Another one said, quote, a question about the weather took 10 seconds before an answer was provided, which doesn't sound like long, but they'd go one, two, yeah, it's pretty long. I mean, I love tech. I love all kinds of cutting edge tech and things like that, but I usually wait for the next gen, right? Because the first gen of almost anything is not the greatest. I mean, you really want to get on that first flight, you know, when they're still trying to figure out if the doors will stay on. Maybe you do. You know, some people are like that. I do think this is probably the beginning of this kind of thing. And I think it will become more common. And, you know, we're always just, you know, immediately asking questions of our devices and so forth. You know, you see something, a weird bird by the side of the road, eating a carcass. And you go, wonder what that thing is. It would really be handy to have like a camera that, you know, is attached and goes, oh, yes, that's a vulture. But anyway, just like dashboard cams did this, right? I mean, we saw this sort of come together. But like dashboard cams and other devices, it'll probably have a host of issues before it becomes something everybody's using all the time. I mean, remember early cell phones? I do. A giant two kilo brick with 10 minutes of battery life that usually didn't work.
Cost $3 a minute. But look at us today. So will I get my combadge before I'm dead? Probably. But maybe not this week for $699 and $24 additional a month. Yeah, maybe not. Anyway, that's the news. Thank you, Aaran. And we will see all of you next time on the Security Weekly News.