20th January – Threat Intelligence Report

TOP ATTACKS AND BREACHES

  • Hotel management platform Otelier has suffered a data breach that resulted in the extraction of almost eight terabytes of data. The threat actors compromised the company’s Amazon S3 cloud storage, stealing guests’ personal information and reservations for major hotel brands like Marriott, Hilton, and Hyatt.
  • Global publisher and provider of educational materials Scholastic has been allegedly breached, leading to theft of data related to its US customers and “education contacts”. The breach occurred through an employee portal, exposing personal information and 4,247,768 unique email addresses.
  • The government of West Haven city in Connecticut underwent a cyberattack leading to the temporary shutdown of their entire IT infrastructure. The city is currently evaluating the breach impact, with the Qilin Ransom Group claiming responsibility for the attack.

Check Point Harmony Endpoint and Threat Emulation provide protection against this threat (Ransomware_Linux_Qilin_A; Ransomware.Win.Agenda; Ransomware.Wins.Qilin) 

  • Education software giant PowerSchool suffered a breach in December 2024, affecting an undisclosed number of educational institutions. Some schools reported that attackers accessed all historical student and teacher data.
  • The UK top-level domain registry Nominet has disclosed a cyber-attack due to a zero-day vulnerability in Ivanti VPN software. The attack, detected in December 2024, resulted in unauthorized network access.
  • Mortgage Investors Group (MIG), a prominent mortgage lender in the Southeast US, confirmed a ransomware attack in December, leading to a significant data breach. Although MIG did not specify how many customers were affected, sensitive customer information was exposed. Black Basta ransomware group claimed responsibility for the incident.

Check Point Threat Emulation provides protection against this threat (Ransomware.Wins.Basta.ta.*) 

  • The US law firm Wolf Haldenstein Adler Freeman & Herz LLP confirmed a breach that exposed the personal and medical data of 3,445,537 individuals. The attack occurred in December 2023 and exposed details such as Social Security numbers and medical diagnoses.
  • American nonprofit blood donation organization OneBlood has confirmed that personal information of blood donors was stolen in a ransomware attack last year. The nonprofit did not disclose the number of people affected by the breach.

VULNERABILITIES AND PATCHES

  • Microsoft’s Patch Tuesday addressed 159 flaws across multiple products, including 8 critical 0-day vulnerabilities. These vulnerabilities include remote code execution (RCE) in Windows (CVE-2025-12345) and privilege escalation in Microsoft Exchange (CVE-2025-67890). Exploitation of these flaws could result in unauthorized system control or data compromise.
  • Adobe has issued security updates addressing critical vulnerabilities across multiple products, including Adobe Acrobat, Reader, and Adobe Dimension. Several of these vulnerabilities, such as CVE-2025-12345 (CVSS score 9.8), allow attackers to execute arbitrary code on affected systems.
  • Fortinet released security updates addressing multiple vulnerabilities in their products, including FortiOS, FortiSwitch, and FortiAnalyzer. The vulnerabilities include buffer overflow and command injection issues, allowing unauthorized attackers to execute arbitrary code or escalate privileges. Security updates have been released to mitigate these threats.

THREAT INTELLIGENCE REPORTS

  • Check Point Research has published The State of Cyber Security 2025 report, highlighting a startling 44% rise in global cyberattacks from the previous year. The report uncovers the nature of modern cyber wars, evolving tactics of ransomware actors, rising tide of infostealers, increased targeting of edge devices and the new threats against cloud.
  • Check Point Research has released December 2024’s Most Wanted Malware report, highlighting the rise of FunkSec that emerged as a leading and controversial ransomware-as-a-service (RaaS) actor. Among top mobile malware threats, Anubis rises to the top, followed by Necro and Hydra. Anubis is a banking trojan, capable of keylogging and remote access.

Check Point Harmony Endpoint provides protection against this threat (Ransomware.Wins.Funksec.*)

  • Researchers report on a recent campaign by Russian APT group UAC-0063 targeting Central Asian countries, including Kazakhstan. The threat actors, who share overlaps with APT 28, use macro-embedded documents as the initial attack vector to deliver the HatVibe and CherrySpy backdoors.

Check Point Threat Emulation provides protection against this threat (Trojan.Wins.HATVIBE.A) 

  • Researchers have analyzed Xbash, a sophisticated malware that combines ransomware, coin-mining, botnet, and worm capabilities. Xbash targets both Linux and Windows servers, exploiting weak passwords and unpatched vulnerabilities to delete databases and propagate across networks.

Check Point Harmony Endpoint provides protection against this threat (Trojan.Win32.Xbash.*, Worm.Python.Xbash.A)

  • Researchers report on a new campaign by Russian APT group Star Blizzard, focusing on WhatsApp accounts. The threat actors impersonate United States government officials and invite victims to join a WhatsApp group via a malicious QR code, which in fact links the victim’s WhatsApp account to the attacker’s device, allowing full access.

Gophish Framework Used in Phishing Campaigns to Deploy Remote Access Trojans

Ravie Lakshmanan

Russian-speaking users have become the target of a new phishing campaign that leverages an open-source phishing toolkit called Gophish Framework to deliver DarkCrystal RAT (aka DCRat) and a previously undocumented remote access trojan dubbed PowerRAT.

“The campaign involves modular infection chains that are either Maldoc or HTML-based infections and require the victim’s intervention to trigger the infection chain,” Cisco Talos researcher Chetan Raghuprasad said in a Tuesday analysis.

The targeting of Russian-speaking users is an assessment derived from the language used in the phishing emails, the lure content in the malicious documents, links masquerading as Yandex Disk (“disk-yandex[.]ru”), and HTML web pages disguised as VK, a social network predominantly used in the country.

Gophish refers to an open-source phishing framework that allows organizations to test their phishing defenses by leveraging easy-to-use templates and launch email-based campaigns that can then be tracked in near real-time.

The unknown threat actor behind the campaign has been observed taking advantage of the toolkit to send phishing messages to their targets and ultimately push DCRat or PowerRAT depending on the initial access vector used: a malicious Microsoft Word document or an HTML page embedding JavaScript.

When the victim opens the maldoc and enables macros, a rogue Visual Basic (VB) macro is executed to extract an HTML application (HTA) file (“UserCache.ini.hta”) and a PowerShell loader (“UserCache.ini”).

The macro is responsible for configuring a Windows Registry key such that the HTA file is automatically launched every time a user logs into their account on the device.

The HTA file, for its part, drops a JavaScript file (“UserCacheHelper.lnk.js”) that’s responsible for executing the PowerShell Loader. The JavaScript is executed using a legitimate Windows binary named “cscript.exe.”

“The PowerShell loader script masquerading as the INI file contains base64 encoded data blob of the payload PowerRAT, which decodes and executes in the victim’s machine memory,” Raghuprasad said.

The malware, in addition to performing system reconnaissance, collects the drive serial number and connects to remote servers located in Russia (94.103.85[.]47 or 5.252.176[.]55) to receive further instructions.

“[PowerRAT] has the functionality of executing other PowerShell scripts or commands as directed by the [command-and-control] server, enabling the attack vector for further infections on the victim machine.”

In the event no response is received from the server, PowerRAT comes fitted with a feature that decodes and executes an embedded PowerShell script. None of the analyzed samples thus far have Base64-encoded strings in them, indicating that the malware is under active development.
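The PowerRAT chain described above leaves a distinct trace at each step: an autorun entry pointing at an HTA, a double-extension HTA and JavaScript file, PowerShell handed an `.ini` file, and traffic to the two listed servers. The following Python triage is an added example, not code from Talos or the article; it correlates those stages per host over constructed events. The event schema, host names, file paths and the autorun key placeholder are assumptions; the file names and defanged addresses are the ones quoted in the article.

```python
import re
from collections import defaultdict

# C2 addresses exactly as printed (defanged) in the article.
C2_DEFANGED = ["94.103.85[.]47", "5.252.176[.]55"]


def refang(indicator):
    """Convert a defanged indicator (1.2.3[.]4) into a matchable value."""
    return indicator.replace("[.]", ".")


C2_ADDRESSES = {refang(i) for i in C2_DEFANGED}

# Double extensions such as "UserCache.ini.hta" and "UserCacheHelper.lnk.js".
DOUBLE_EXT_HTA = re.compile(r"\.\w{2,4}\.hta\b", re.I)
DOUBLE_EXT_JS = re.compile(r"\.\w{2,4}\.js\b", re.I)
# A path ending in ".ini" (and not ".ini.<something>") on a command line.
INI_ARG = re.compile(r"\.ini\b(?!\.)", re.I)


def image_name(event):
    """Lower-cased executable name of a process event ('' for other kinds)."""
    return event.get("image", "").rsplit("\\", 1)[-1].lower()


# Stage name -> predicate. The event schema (kind, host, image, cmdline,
# data, dest_ip) is an assumption, not a real product's log format.
STAGES = {
    "autorun_points_to_hta": lambda e: e["kind"] == "registry"
    and bool(DOUBLE_EXT_HTA.search(e.get("data", ""))),
    "mshta_double_extension": lambda e: image_name(e) == "mshta.exe"
    and bool(DOUBLE_EXT_HTA.search(e.get("cmdline", ""))),
    "cscript_double_extension_js": lambda e: image_name(e) == "cscript.exe"
    and bool(DOUBLE_EXT_JS.search(e.get("cmdline", ""))),
    "powershell_ini_loader": lambda e: image_name(e) == "powershell.exe"
    and bool(INI_ARG.search(e.get("cmdline", ""))),
    "c2_connection": lambda e: e["kind"] == "network"
    and e.get("dest_ip") in C2_ADDRESSES,
}


def triage(events, min_stages=2):
    """Return {host: [stages seen]} for hosts showing at least min_stages.

    One stage alone (for example PowerShell reading a real .ini file) is
    weak evidence; several stages on the same host are worth an analyst.
    """
    seen = defaultdict(set)
    for event in events:
        for stage, matches in STAGES.items():
            if matches(event):
                seen[event["host"]].add(stage)
    return {h: sorted(s) for h, s in seen.items() if len(s) >= min_stages}


# Constructed sample events. Directories and command-line arguments are
# invented; the article gives only the file names.
SAMPLE_EVENTS = [
    {"kind": "registry", "host": "WS-01",
     "key": "<autorun key, not named in the article>",
     "data": r"C:\Users\alice\UserCache.ini.hta"},
    {"kind": "process", "host": "WS-01",
     "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": r'mshta.exe "C:\Users\alice\UserCache.ini.hta"'},
    {"kind": "process", "host": "WS-01",
     "image": r"C:\Windows\System32\cscript.exe",
     "cmdline": r'cscript.exe "C:\Users\alice\UserCacheHelper.lnk.js"'},
    {"kind": "process", "host": "WS-01",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe <args elided> C:\Users\alice\UserCache.ini"},
    {"kind": "network", "host": "WS-01", "dest_ip": refang(C2_DEFANGED[0])},
    # Benign admin activity: single-extension script, documentation-range IP.
    {"kind": "process", "host": "WS-02",
     "image": r"C:\Windows\System32\cscript.exe",
     "cmdline": r'cscript.exe "C:\scripts\backup.js"'},
    {"kind": "network", "host": "WS-02", "dest_ip": "192.0.2.10"},
    # One weak signal only: PowerShell reading an ordinary settings file.
    {"kind": "process", "host": "WS-03",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r'powershell.exe -Command "Get-Content C:\app\settings.ini"'},
]

if __name__ == "__main__":
    for host, stages in triage(SAMPLE_EVENTS).items():
        print(host, stages)
```

Raising `min_stages` trades recall for fewer false positives; the single `.ini` read on WS-03 is reported only when the threshold is lowered to 1.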

The alternate infection chain that employs HTML files embedded with malicious JavaScript, in a similar vein, triggers a multi-step process that leads to the deployment of DCRat malware.

“When a victim clicks on the malicious link in the phishing email, a remotely located HTML file containing the malicious JavaScript opens in the victim machine’s browser and simultaneously executes the JavaScript,” Talos noted. “The JavaScript has a Base64-encoded data blob of a 7-Zip archive of a malicious SFX RAR executable.”

Present within the archive file (“vkmessenger.7z”) – which is downloaded via a technique called HTML smuggling – is another password-protected SFX RAR that contains the RAT payload.

It’s worth noting that the exact infection sequence was detailed by Netskope Threat Labs in connection with a campaign that leveraged fake HTML pages impersonating TrueConf and VK Messenger to deliver DCRat. Furthermore, the use of a nested self-extracting archive has been previously observed in campaigns delivering SparkRAT.

“The SFX RAR executable is packaged with the malicious loader or dropper executables, batch file, and a decoy document in some samples,” Raghuprasad said.

“The SFX RAR drops the GOLoader and the decoy document Excel spreadsheet in the victim machine user profile applications temporary folder and runs the GOLoader along with opening the decoy document.”

The Golang-based loader is also designed to retrieve the DCRat binary data stream from a remote location through a hard-coded URL that points to a now-removed GitHub repository and save it as “file.exe” in the desktop folder on the victim’s machine.

DCRat is a modular RAT that can steal sensitive data, capture screenshots and keystrokes, and provide remote control access to the compromised system and facilitate the download and execution of additional files.

“It establishes persistence on the victim machine by creating several Windows tasks to run at different intervals or during the Windows login process,” Talos said. “The RAT communicates to the C2 server through a URL hardcoded in the RAT configuration file […] and exfiltrates the sensitive data collected from the victim machine.”

The development comes as Cofense has warned of phishing campaigns that incorporate malicious content within virtual hard disk (VHD) files as a way to avoid detection by Secure Email Gateways (SEGs) and ultimately distribute Remcos RAT or XWorm.

“The threat actors send emails with .ZIP archive attachments containing virtual hard drive files or embedded links to downloads that contain a virtual hard drive file that can be mounted and browsed through by a victim,” security researcher Kahng An said. “From there, a victim can be misled into running a malicious payload.”


Sophos Fortifies XDR Muscle With $859M Secureworks Purchase

Michael Novinson (MichaelNovinson)

Sophos plans to make the largest acquisition in its four-decade history, scooping up Secureworks for $859 million to turbocharge its threat intelligence, detection and response.

The Oxford, U.K.-based platform security vendor will combine its managed detection and response services with Atlanta-based Secureworks’ XDR, SIEM and identity detection and response capabilities. The deal will enhance threat detection, response times and security posture for businesses worldwide, helping the combined company serve customers ranging from small businesses to large enterprises (see: Why Dell Is Once Again Eyeing the Sale of MSSP Secureworks).

“Secureworks offers an innovative, market-leading solution with their Taegis XDR platform,” Sophos CEO Joe Levy said in a statement. “Combined with our security solutions and industry leadership in MDR, we will strengthen our collective position in the market and provide better outcomes for organizations of all sizes globally.”

Why Sophos, Secureworks Are Better Together

Secureworks, founded in 1999, employed 1,516 people as of Feb. 2, and is publicly traded, with Dell having 97.4% of the total voting power. The deal is set to close in early 2025 and will pay Secureworks shareholders $8.50 per share, which is 28% higher than the firm’s average trading price over the past 90 days. Secureworks’ stock is down $0.10 – or 1.18% – to $8.37 per share in trading Monday morning.

Sophos will pay for Secureworks through a combination of debt financing and backing from private equity firm Thoma Bravo, which acquired the company for $3.9 billion in March 2020. This is the largest of the 18 acquisitions Sophos has made since its founding in 1985, dwarfing the company’s $120 million purchase of endpoint security startup Invincea in February 2017 (see: Cybersecurity for SMBs: Joe Levy’s Take on Risk Mitigation).

“Sophos’ portfolio of leading endpoint, cloud and network security solutions – in combination with our XDR-powered managed detection and response – is exactly what organizations are looking for to strengthen their security posture and collectively turn the tide against the adversary,” Secureworks CEO Wendy Thomas said in a statement.

Sophos plans to integrate Secureworks’ capabilities around ITDR, SIEM, OT security and vulnerability risk prioritization into its broader suite of tools. The fusion will help customers detect, investigate and respond to threats more quickly, according to Sophos. The synergy between Sophos’ end-to-end products and Secureworks’ managed services expertise will further strengthen their offering, according to Sophos.

Secureworks and Sophos currently cater to different types of customers, and the firm said combining their technologies and services will make advanced security more accessible to smaller organizations while also benefiting large enterprises. This deal will also accelerate the use of AI, aiming for faster detection times and enhanced security visibility across both native and third-party tools, Sophos said.

Why Secureworks Was Seeking a Suitor

Both organizations work with channel partners, and Sophos said the acquisition is expected to create more value for these partners by offering them enhanced capabilities and a broader set of solutions to sell and support. Virtually all of Sophos’ business goes through channel partners, while Secureworks generated 23% of its revenue last year through referral agents, VARs, trade associations and MSSPs.

Secureworks has faced challenges in recent years, including declining revenue and layoffs. Despite growing adoption of its Taegis XDR platform, the company has reduced its workforce as its stock value has fallen. This proposed acquisition by Sophos comes as Secureworks has been working to streamline its business and focus on high-growth areas including XDR.

Specifically, Secureworks’ sales for the fiscal year ended Feb. 2, 2024, fell to $365.9 million, down 21.1% from $463.5 million the prior year. And the size of Secureworks’ staff has fallen by nearly 44%, with headcount plummeting from 2,696 employees on Jan. 29, 2021, to just 1,516 workers on Feb. 2, 2024. Secureworks’ stock is down nearly 70% from its all-time high of $25.98 per share in September 2021.

Forrester didn’t include Secureworks in its 11-vendor evaluation of the XDR market in June of this year. Sophos, meanwhile, was the eighth highest-rated vendor, ahead of Trellix, Broadcom and Fortinet. Forrester praised Sophos for integrating native tools and third-party data from Google and Microsoft, but said the security analyst experience falls short, with little contextualization and cumbersome management.

Dell has been exploring options to sell off non-core assets like Secureworks as part of its strategy to focus on its core businesses. Dell in September 2020 sold encryption titan RSA Security to private equity firm Symphony Technology Group for $2.08 billion. Dell first teamed up with Morgan Stanley to explore a sale of Secureworks in 2019 when the stock was trading at a then-record high.


Arrests in international operation targeting cybercriminals in West Africa

Global law enforcement unites with INTERPOL to combat cybercrime


Eight individuals have been arrested as part of an ongoing international crackdown on cybercrime, dealing a major blow to criminal operations in Côte d’Ivoire and Nigeria.

The arrests were made as part of INTERPOL’s Operation Contender 2.0, an initiative aimed at combating cyber-enabled crimes, primarily in West Africa, through enhanced international intelligence sharing.

Phishing scam targets Swiss citizens

In Côte d’Ivoire authorities dismantled a large-scale phishing scam, thanks to a collaborative effort with Swiss police and INTERPOL.

The scam, which resulted in reported financial losses of over USD 1.4 million, involved perpetrators who posed as buyers on small advertising websites. The fraudsters used QR codes to direct victims to fraudulent websites that mimicked a legitimate payment platform, where victims would unwittingly enter personal information such as their login details or card number. They also impersonated the platform’s customer service agents over the phone to further deceive victims.

Swiss authorities received over 260 reports regarding the scam between August 2023 and April 2024, which prompted an investigation that traced the suspects back to Côte d’Ivoire.

With coordination and intelligence from INTERPOL, the Ivorian Cyber Unit led the investigation, locating and arresting the main suspect, who confessed to the offence and to making financial gains of over USD 1.9 million.

The arrest also led to the seizure of digital devices, which are currently undergoing forensic analysis. Five other individuals were found to be conducting cybercriminal activities at the same location, increasing the scope of the operation.

The investigation is still ongoing, with Ivorian investigators working to identify additional victims, recover stolen funds, and trace goods purchased with illicit proceeds.

 


An international campaign against romance cyber fraud

The Contender 2.0 operation is the latest wave of ongoing action coordinated by INTERPOL’s African Joint Operation against Cybercrime (AFJOC). The initiative was launched in 2021 in response to intelligence from authorities and private partners on the activities of cybercriminal syndicates operating within the African region, particularly in West Africa.

The project targets a variety of cyber threats, including business email compromise schemes, a type of phishing attack in which criminals exploit trust to deceive senior executives into transferring funds or divulging sensitive information.

Another key AFJOC objective is tackling romance scams and other financial grooming crimes, which often involve cryptocurrencies or other digital assets. In romance scams, criminals create fake online identities to develop romantic or close relationships with their victims, ultimately to manipulate or steal money from them.

In one recent example, authorities in Finland alerted the Nigerian Police Force via INTERPOL that a victim had been scammed out of a substantial amount of money. Leveraging its private sector partners, including Trend Micro and Group-IB, INTERPOL’s AFJOC was able to provide detailed information to the Nigerian authorities. This intelligence was instrumental in guiding investigative efforts, and local police arrested the suspect on 27 April 2024, along with an accomplice. The investigation revealed the offender’s involvement in similar scams and uncovered links to other potential victims.

Neal Jetton, Director of the Cybercrime Directorate, said:

“Leveraging the increased reliance on technology in every aspect of our daily lives, cybercriminals are employing a range of techniques to steal data and execute fraudulent activities. These recent successful collaborations, under the umbrella of Operation Contender 2.0, demonstrate the importance of continued international cooperation in combating cybercrime and bringing perpetrators to justice.”

The AFJOC project is funded by the UK’s Foreign, Commonwealth & Development Office.


North Korean IT Workers in Western Firms Now Demanding Ransom for Stolen Data

Ravie Lakshmanan

North Korean information technology (IT) workers who obtain employment under false identities in Western companies are not only stealing intellectual property, but are also stepping up by demanding ransoms in order to not leak it, marking a new twist to their financially motivated attacks.

“In some instances, fraudulent workers demanded ransom payments from their former employers after gaining insider access, a tactic not observed in earlier schemes,” Secureworks Counter Threat Unit (CTU) said in an analysis published this week. “In one case, a contractor exfiltrated proprietary data almost immediately after starting employment in mid-2024.”

The activity, the cybersecurity company added, shares similarities with a threat group it tracks as Nickel Tapestry, which is also known as Famous Chollima and UNC5267.

The fraudulent IT worker scheme, orchestrated with the intent to advance North Korea’s strategic and financial interests, refers to an insider threat operation that entails infiltrating companies in the West for illicit revenue generation for the sanctions-hit nation.

These North Korean workers are typically sent to countries like China and Russia, from where they pose as freelancers looking for potential job opportunities. As another option, they have also been found to steal the identities of legitimate individuals residing in the U.S. to achieve the same goals.

They are also known to request changes to delivery addresses for company-issued laptops, often rerouting them to intermediaries at laptop farms, who are compensated for their efforts by foreign-based facilitators and are responsible for installing remote desktop software that allows the North Korean actors to connect to the computers.

What’s more, multiple contractors could end up getting hired by the same company, or, alternatively, one individual could assume several personas.

Secureworks said it has also observed cases where the fake contractors sought permission to use their own personal laptops and even caused organizations to cancel the laptop shipment entirely because they changed the delivery address while it was in transit.


“This behavior aligns with Nickel Tapestry tradecraft of attempting to avoid corporate laptops, potentially eliminating the need for an in-country facilitator and limiting access to forensic evidence,” it said. “This tactic allows the contractors to use their personal laptops to remotely access the organization’s network.”

In a sign that the threat actors are evolving and taking their activities to the next level, evidence has come to light demonstrating how a contractor whose employment was terminated by an unnamed company for poor performance resorted to sending extortion emails including ZIP attachments containing proof of stolen data.

“This shift significantly changes the risk profile associated with inadvertently hiring North Korean IT workers,” Rafe Pilling, Director of Threat Intelligence at Secureworks CTU, said in a statement. “No longer are they just after a steady paycheck, they are looking for higher sums, more quickly, through data theft and extortion, from inside the company defenses.”

To tackle the threat, organizations have been urged to be vigilant during the recruitment process, including conducting thorough identity checks, performing in-person or video interviews, and being on the lookout for attempts to re-route corporate IT equipment sent to the contractor’s declared home address, routing of paychecks to money transfer services, and access to the corporate network with unauthorized remote access tools.

“This escalation and the behaviors listed in the FBI alert demonstrate the calculated nature of these schemes,” Secureworks CTU said, pointing out the workers’ suspicious financial behavior and their attempts to avoid enabling video during calls.

“The emergence of ransom demands marks a notable departure from prior Nickel Tapestry schemes. However, the activity observed prior to the extortion aligns with previous schemes involving North Korean workers.”


Feds unmask duo running one of the most prolific hacker gangs

The Department of Justice has charged and arrested two Sudanese brothers with operating Anonymous Sudan, a hacker group known for destructive website takedowns.

Why it matters: The indictment, unsealed Wednesday, paints the clearest picture of who was running the mysterious Anonymous Sudan hacking group — which has launched more than 35,000 attacks in the last year against hospitals, government offices and other major organizations.

Driving the news: A grand jury indicted Ahmed Salah Yousif Omer and Alaa Salah Yusuuf Omer with a count of conspiracy to damage protected computers.

  • Ahmed Omer was also charged with three counts of damaging protected computers.
  • The FBI and the U.S. Attorney’s Office for the Central District of California seized Anonymous Sudan’s hacking tool, according to a press release.
  • The Washington Post reported that officials arrested the duo abroad in March.

Threat level: Anonymous Sudan’s attacks have caused more than $10 million in damage to U.S. organizations, according to federal officials.

  • Anonymous Sudan’s victim list spans sectors and includes several high-profile names: Cloudflare, Microsoft, OpenAI and even the FBI itself.
  • Cedars-Sinai Medical Center in Los Angeles had to redirect emergency room patients to other hospitals for treatment.

The big picture: Anonymous Sudan has been a mystery to security researchers for a little more than a year.

  • The group is mostly politically motivated, unlike other cybercriminal groups where money is the prime motivator.
  • But the group has been far more prolific than the typical political hacking group. At times, security researchers had even assumed the group was a front for pro-Russia political hackers.
  • However, officials told the Post they don’t believe a third party, including a government, was financing or supporting the group’s work.

What they’re saying: “What’s unusual is the predominance of the ideological motive, with financial sprinkled in,” Martin Estrada, U.S. attorney for the Los Angeles region, told the Post.

How it works: Anonymous Sudan targeted victims in distributed denial-of-service attacks — where hackers overload internet-enabled devices with bot traffic until they’re inaccessible.

  • While suffering a website outage might not sound too bad, the repercussions can be huge. Customers may not be able to make payments online and corporations may not be able to access cloud servers.
  • Anonymous Sudan would demand victims pay a ransom to make the attack end, according to court filings.
  • Some of these victims sustained millions of dollars in losses from these attacks, according to a criminal complaint unsealed Wednesday.

Between the lines: Anonymous Sudan was also selling its tool to other hacking groups looking to launch their own large-scale DDoS attacks, according to the complaint.

  • More than 100 users have used the tool — known as Godzilla Botnet, Skynet Botnet and InfraShutdown — to deploy their own DDoS attacks, per federal officials.
  • This is also unusual: Building and selling hacker tools is more common in the cybercrime world and rarely seen in the political hacking space.

Zoom in: The private sector played a prominent role in helping the FBI identify the people running this group.

  • PayPal’s own internal investigation after its attack uncovered certain accounts tied to Anonymous Sudan, according to the complaint.
  • Those accounts then helped the FBI identify potential email addresses linked to Ahmed Omer, specifically, according to the affidavit.

What’s next: If convicted, Ahmed Omer could face a maximum sentence of life in prison, while Alaa Omer could face a maximum of five years.
