data breach - X-Industry - Red Sky Alliance2024-03-29T02:31:25Zhttps://redskyalliance.org/xindustry/feed/tag/data+breachFBI Guidance on Delaying SEC-Required Data Breach Disclosurehttps://redskyalliance.org/xindustry/fbi-guidance-on-delaying-sec-required-data-breach-disclosure2023-12-16T12:00:00.000Z2023-12-16T12:00:00.000ZMac McKeehttps://redskyalliance.org/members/MacMcKee<div><p><a href="{{#staticFileLink}}12324148088,original{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}12324148088,RESIZE_400x{{/staticFileLink}}" width="250" alt="12324148088?profile=RESIZE_400x" /></a>In the US, the Federal Bureau of Investigation (FBI) has issued guidance regarding the data breach reporting requirements of the US Securities and Exchange Commission (SEC), providing useful information on how disclosures can be delayed. The SEC announced in late July that it had adopted new cybersecurity incident disclosure rules for public companies, requiring them to disclose, through a Form 8-K filing, any material breach within four business days. The rules are set to go into effect on 18 December 2023.</p>
<p>See: <a href="https://redskyalliance.org/xindustry/8-k-a-need-for-cyber-threat-intel">https://redskyalliance.org/xindustry/8-k-a-need-for-cyber-threat-intel</a></p>
<p>When it announced the new rules, the SEC noted that some companies may be exempt if there is substantial risk to public safety or national security. The FBI has now provided some clarifications on this exemption, explaining that the Justice Department can grant a 30-day delay for national security or public safety reasons. The disclosure can be delayed for another 30 days, or 60 days in extraordinary circumstances involving national security, but the delays cannot exceed a total of 120 business days without an exemptive order from the SEC.<a href="#_ftn1">[1]</a></p>
<p>The FBI is accepting the delay requests on behalf of the Justice Department and organizations seeking to delay disclosure must follow certain procedures. “If the FBI does not receive the delay request from the victim directly or through the US Secret Service (USSS), the Cybersecurity and Infrastructure Security Agency (CISA), or another sector risk management agency (SRMAs) concurrently with the materiality determination, the FBI won’t process the request,” the agency explained. It added, “In other words, failure to report the cyber incident immediately upon determination of materiality will cause a delay-referral request to be denied. The FBI also encourages victims to engage with the FBI directly or through USSS, CISA, or SRMAs prior to making a materiality determination.”</p>
<p>While some applauded the SEC for its initiative when it announced the new rules, others raised concerns about the impact on investors and some warned that the disclosure rules could actually help cybercriminals.</p>
<p>See: <a href="https://www.sec.gov/files/33-11038-fact-sheet.pdf">https://www.sec.gov/files/33-11038-fact-sheet.pdf</a></p>
<p><em>This article is presented at no charge for educational and informational purposes only.</em></p>
<p>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. Call for assistance. For questions, comments, a demo or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com </p>
<p> </p>
<p>Weekly Cyber Intelligence Briefings:</p>
<p> </p>
<p>Reporting: <a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a></p>
<p>Website: <a href="https://www.redskyalliance.com/">https://www.redskyalliance.com/</a></p>
<p>LinkedIn: <a href="https://www.linkedin.com/company/64265941">https://www.linkedin.com/company/64265941</a></p>
<p>Weekly Cyber Intelligence Briefings:</p>
<p> </p>
<p>REDSHORTS - Weekly Cyber Intelligence Briefings</p>
<p><a href="https://attendee.gotowebinar.com/register/5993554863383553632">https://attendee.gotowebinar.com/register/5993554863383553632</a></p>
<p> </p>
<p> </p>
<p><a href="#_ftnref1">[1]</a> <a href="https://www.securityweek.com/fbi-issues-guidance-for-delaying-sec-required-data-breach-disclosure/">https://www.securityweek.com/fbi-issues-guidance-for-delaying-sec-required-data-breach-disclosure/</a></p></div>Virus Totalhttps://redskyalliance.org/xindustry/vt-i-m-sorry2023-07-26T11:50:00.000Z2023-07-26T11:50:00.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}12160812064,RESIZE_930x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}12160812064,RESIZE_400x{{/staticFileLink}}" alt="12160812064?profile=RESIZE_400x" width="250" /></a>Google’s malware scanning platform VirusTotal published an recent apology after hundreds of individuals working for defense and intelligence agencies globally had their names and email addresses accidentally exposed by an employee.</p>
<p>In a public statement, VirusTotal said it apologized “for any concern or confusion” the exposure may have caused and said it took place on 29 June, when the employee accidentally uploaded a CSV file to the platform.<a href="#_ftn1">[1]</a> “This CSV file contained limited information of our Premium account customers, specifically the names of companies, the associated VirusTotal group names, and the email addresses of group administrators. We removed the file, which was only accessible to partners and corporate clients, from our platform within one hour of its posting.”</p>
<p>The company stressed that the incident was not the result of a cyberattack or a vulnerability, but simply human error. It said that since the incident the platform has “implemented new internal processes and technical controls to improve the security and safeguarding of customer data.”</p>
<p>The list of 5,600 customers, which was seen by Recorded Future News, included hundreds of email addresses in the format “firstname.lastname@” for personnel working in sensitive government departments.</p>
<p>It identifies individuals affiliated with US Cyber Command and the National Security Agency, as well as with the Pentagon, the FBI, and several US military service branches. It reveals some military personnel are using email providers other than those connected to official domains as part of their threat intelligence work, with user accounts for some organizations and military commands registered to Gmail, Hotmail, and Yahoo.</p>
<p>From the United Kingdom, it contains the names of a dozen Ministry of Defense personnel as well as emails belonging to staff at the CERT-UK function of the National Cyber Security Center, a part of GCHQ. Keeping with GCHQ’s email format, the NCSC emails include only an initial for each users’ surname.</p>
<p>Full names are recognizable in the email addresses belonging to specialists working at the MoD, as well as at the Cabinet Office, the Nuclear Decommissioning Authority, and the Pensions Regulator. None of these agencies expressed concern about the incident when contacted by Recorded Future News, and spokespeople generally described it as a low-risk incident.</p>
<p><em>This article is presented at no charge for educational and informational purposes only.</em></p>
<p>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225, or feedback@redskyalliance.com</p>
<p>Weekly Cyber Intelligence Briefings:</p>
<p>Reporting: <a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a> <br /> Website: <a href="https://www.redskyalliance.com/">https://www.redskyalliance.com/</a><br /> LinkedIn: <a href="https://www.linkedin.com/company/64265941">https://www.linkedin.com/company/64265941</a></p>
<p>Weekly Cyber Intelligence Briefings:</p>
<p>REDSHORTS - Weekly Cyber Intelligence Briefings</p>
<p><a href="https://attendee.gotowebinar.com/register/5993554863383553632">https://attendee.gotowebinar.com/register/5993554863383553632</a> </p>
<p><a href="#_ftnref1">[1]</a> <a href="https://therecord.media/virustotal-data-leak-apology/">https://therecord.media/virustotal-data-leak-apology/</a></p></div>1.5 million Unhappy Bank Customershttps://redskyalliance.org/xindustry/1-5-million-unhappy-bank-customers2022-06-22T19:18:40.000Z2022-06-22T19:18:40.000ZJim McKeehttps://redskyalliance.org/members/JimMcKee<div><p><a href="{{#staticFileLink}}10588774290,RESIZE_400x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}10588774290,RESIZE_400x{{/staticFileLink}}" width="250" alt="10588774290?profile=RESIZE_400x" /></a>Flagstar Bank, <a href="https://www.flagstar.com">https://www.flagstar.com</a> has recently disclosed a security incident that led to the exposure of personal data belonging to up to 1.5 million customers. According to cyber threat investigators, the data breach occurred between 3 December 3 and 4 December 2021. The US financial organization is headquartered in Michigan and operates over 150 branches in areas including Indiana, California, Wisconsin, and Ohio. Flagstar Bank serves both consumer and commercial businesses, holding $23.2 billion in assets. Flagstar Bank is a subsidiary of Flagstar Bancorp, listed on the NYSE as FBC.</p>
<p>The bank reported in a security notice that the incident involved "unauthorized access" to the bank's network. "In response, Flagstar promptly took steps to secure its environment and investigate the incident with the assistance of third-party forensic experts," Flagstar's spokesman stated. On 2 June 2022, Flagstar's investigators concluded that information belonging to over 1.5 million customers may have been affected by the breach.</p>
<p>There is no evidence that this data has been leaked, sold, or otherwise misused, according to the bank. "Since then, we have taken several measures to toughen our information security. We now believe we have strengthened processes and systems in a way that should reduce our cyber vulnerabilities in the future," the bank spokesman said.</p>
<p>The standard procedure when a data breach occurs at a major company, one of the first steps taken is to offer the impacted customers free credit-monitoring services. Flagstar Bank has chosen to take this route and anyone alerted to the possible leak of their personal information will be offered two years of free monitoring. "We sincerely apologize for any inconvenience this may have caused you," a Flagstar representative says. "We remain fully committed to maintaining the privacy of personal information in our possession and have taken many precautions to safeguard it."</p>
<p>This is the second security issue to strike Flagstar in just over a year. In March 2021, the bank, and Accellion customers, were impacted by a security incident caused by a zero-day vulnerability in Accellion's file-sharing platform, File Transfer Appliance (FTA). This flaw meant an unauthorized party was able to access some of Flagstar's information on the Accellion platform.</p>
<p>Accellion <a href="https://community.accellion.com">https://community.accellion.com</a> a provider of hosted file transfer services, recently agreed to pay $8.1 million to settle a class-action lawsuit related to a data breach in December 2020. The lawsuit, filed in a California Federal Court, claims that Accellion failed to protect the sensitive information of millions of users after threat actors exploited a vulnerability in Accellion’s file transfer appliance (FTA).</p>
<p>Based in California, Accellion is a private cloud solutions company providing software for third-party secure file transfers. The data breach occurred due to a bug in Accellion’s file-sharing software, used by several organizations globally.</p>
<p>The data breach affected many Accellion clients. It impacted millions of users’ sensitive data such as names, birthdates, Social Security numbers, banking details, and medical and driver’s license information. The lawsuit stated that Accellion failed to identify vulnerabilities in its FTA platform and implement necessary data security measures to secure clients and use classified information.</p>
<p>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs. com</a> </p>
<p>Weekly Cyber Intelligence Briefings:</p>
<ul>
<li>Reporting: <a href="https://www.redskyalliance.org/">https://www. redskyalliance. org/</a></li>
<li>Website: <a href="https://www.wapacklabs.com/">https://www. wapacklabs. com/</a></li>
<li>LinkedIn: <a href="https://www.linkedin.com/company/64265941">https://www. linkedin. com/company/64265941</a> </li>
</ul>
<p>Weekly Cyber Intelligence Briefings:</p>
<p>REDSHORTS - Weekly Cyber Intelligence Briefings</p>
<p><a href="https://attendee.gotowebinar.com/register/5504229295967742989">https://attendee.gotowebinar.com/register/5504229295967742989</a></p></div>Opening Day for MLB Cyber Attackshttps://redskyalliance.org/xindustry/opening-day-for-mlb-cyber-attacks2022-04-01T13:26:37.000Z2022-04-01T13:26:37.000ZMichael Brousseauhttps://redskyalliance.org/members/MichaelBrousseau<div><p><a href="{{#staticFileLink}}10254724297,RESIZE_400x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}10254724297,RESIZE_400x{{/staticFileLink}}" alt="10254724297?profile=RESIZE_400x" width="250" /></a>The 2022 Major League Baseball season is set to kick off next week, which means fans everywhere are trying to gauge how their team stacks up to the competition. To prepare for the season Wapack Labs has skipped the analysis of Batting Averages, RBI’s, and On-Base Percentages in favor of measuring each team’s cyber security posture. </p>
<p>Horizon Actuarial Services, LLC provided notice regarding a data privacy incident that occurred on 12 November 2021. The incident involved the theft of data including names, birthdates, Social Security numbers, and health plan information. The incident occurred between 10 November and 11 November or 2021, when attackers gained access to two of Horizon Actuarial’s servers. After receiving an email from an account claiming to be the attacker, Horizon Actuarial contacted local law enforcement and began investigating the incident to determine the validity of the attacker's claims. The affected accounts include the Local 295 IBT Employer Group Welfare Fund and the Major League Baseball Players Benefit Plan. </p>
<p>A notice of the event was sent to the Plans on 13 January 2022, and notification to affected individuals was hitting mailboxes by 9 March 2022. To prevent the unauthorized dissemination of the information collected from the incident, Horizon Actuarial paid the attackers on the condition that the attackers agree to delete and not distribute the stolen information. Further actions to protect clients include providing customers with the option to enroll in complimentary identity monitoring services to prevent identity theft.</p>
<p><a href="{{#staticFileLink}}10254724489,original{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}10254724489,RESIZE_400x{{/staticFileLink}}" alt="10254724489?profile=RESIZE_400x" width="400" /></a></p>
<p>Pictured below is a chart showing MLB team domains and the number of breach data hits shown in CTAC for the last 90 days. Clicking on the chart will show you the image larger.</p>
<p> Sparked by the attack on Horizon Actuarial and the upcoming baseball season, we were inspired to check our data collections using the Cyber Threat Analysis Center (CTAC) and RedXray tools from Wapack Labs to see if we could find useful information about the security posture of each Major League Baseball Team.</p>
<p>Using both CTAC and RedXray we were able to find some information about 28 of the 30 Major League Baseball teams. The information we acquired was in the “breach-data” dataset and shows how many credentials from each team’s domain were compromised or posted in a data breach on the dark web in the past 90 days.</p>
<p>Even though the league has 30 teams we only had data for 28 meaning the Cleveland Guardians and Seattle Mariners, the two teams missing from our chart did not yield any breach data from our collections. The Guardian's omission could be that the team changed their name from Indians to Guardians during the off-season. </p>
<p>A cursory look at the compromised accounts shows that the majority of the credentials belong to front office employees of the respective teams rather than Coaches, Players, or Team Managers.</p>
<p>Our initial hypothesis was that either the teams with the highest market value or lowest market value would have the most compromised credentials. The logic behind these two opposing hypotheses was the highest market teams would be the most lucrative targets for the attackers, and the lower market teams would lack the security infrastructure needed to protect information. What we found in our collections however does not support either hypothesis.</p>
<p>It appears that the attackers are opportunistic when breaching credentials and it does not matter which organization is targeted. It does however matter how complex the passwords are. In our data collections, we found that the majority of the compromised credentials included simple passwords. The average password policy requires a minimum length of 8 characters long, with at least one lowercase letter one upper case letter, one number, and one special character. Nearly 250 credentials were compromised across the league, and among the compromised credentials only 11 users had passwords that met the minimum criteria.</p>
<p>Attackers are becoming savvier in their password attacks. The implementation of a password policy is not new, and the requirements are often as previously described, an 8-character minimum, with at least one lowercase letter, one upper case letter, one number, and one special character. Attackers are aware of these requirements and have gone as far as to predict the location of the characters making passwords easier to crack. Password patterns are typically an uppercase letter followed by lowercase characters, forming a word, and then often end with between one and four numbers followed by a special character.</p>
<p>If it is time for your organization to update its password policy it is important to keep in mind that attackers are aware of the general requirements and have created patterns that allow them to successfully crack passwords, even when they are deemed “strong.” Strong passwords can still be cracked, especially if they are mismanaged. Using multi-factor authentication where applicable can help to protect your organization from password attacks.</p>
<p>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please contact the office directly at 1-844-492-7225, or <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs.com</a> </p>
<p>Weekly Cyber Intelligence Briefings:</p>
<ul>
<li>Reporting: <a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a></li>
<li>Website: <a href="https://www.wapacklabs.com/">https://www.wapacklabs.com/</a></li>
<li>LinkedIn: <a href="https://www.linkedin.com/company/64265941">https://www.linkedin.com/company/64265941</a> </li>
</ul>
<p>Weekly Cyber Intelligence Briefings:</p>
<p>REDSHORTS - Weekly Cyber Intelligence Briefings</p>
<p><a href="https://attendee.gotowebinar.com/register/3702558539639477516">https://attendee.gotowebinar.com/register/3702558539639477516</a></p></div>COMBing Through Billions of Passwordshttps://redskyalliance.org/xindustry/combing-through-billions-of-passwords2021-05-17T13:50:15.000Z2021-05-17T13:50:15.000ZJonathon Sweeneyhttps://redskyalliance.org/members/JonathonSweeney<div><p><a href="{{#staticFileLink}}8938732855,RESIZE_400x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}8938732855,RESIZE_400x{{/staticFileLink}}" width="250" alt="8938732855?profile=RESIZE_400x" /></a>The volume of breach data, or exposed user credentials, has significantly increased in recent years. The recent CompilationOfManyBreaches (COMB) breach was discovered in February 2021 and <u>contains more than 3 billion unique sets of stolen user credentials</u>. The name of the breach file is accurate in that it contains breach data from numerous historical and recent data breaches all combined into one dataset.</p>
<p>While the risk associated with historical passwords is lower, users often re-use passwords (especially more complex passwords) which means an attacker with this data would have a significant advantage in a cyber attack. There are many uses for stolen credentials including credential stuffing attacks, business email compromises (BEC), extortion and...</p>
<p>Read the full report here: <a href="{{#staticFileLink}}8938733279,original{{/staticFileLink}}">IR-21-134-001-CompilationOfManyBreaches (COMB).pdf</a></p>
<p> </p></div>T-Mobile Data Breach Disclosedhttps://redskyalliance.org/xindustry/t-mobile-data-breach-disclosed2021-01-05T16:58:01.000Z2021-01-05T16:58:01.000ZMac McKeehttps://redskyalliance.org/members/MacMcKee<div><p><a href="{{#staticFileLink}}8389433675,RESIZE_400x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}8389433675,RESIZE_400x{{/staticFileLink}}" width="250" alt="8389433675?profile=RESIZE_400x" /></a>T-Mobile after completing its recent merger with Sprint, ended 2020 by announcing its second data breach of the year. T-Mobile US, Inc., doing business as T-Mobile, is an American wireless network operator. Its largest shareholder is the German telecommunications company Deutsche Telekom with a 43% share, with Japanese conglomerate holding company SoftBank Group partially owning the company as well at a 24% share. Its headquarters are located in Bellevue, Washington, in the Seattle metropolitan area. T-Mobile is the third-largest wireless carrier in the United States, with 100.3 million subscribers as of the end of Q3 2020.</p>
<p>The cell giant said in a notice buried on its website that it recently discovered unauthorized access to some customers’ account information, including the data that T-Mobile makes and collects on its customers in order to provide cell service. From the notice: “Our cybersecurity team recently discovered and shut down malicious, unauthorized access to some information related to your T-Mobile account. We immediately started an investigation, with assistance from leading cybersecurity forensics experts, to determine what happened and what information was involved. We also immediately reported this matter to federal law enforcement and are now in the process of notifying impacted customers.”</p>
<p>Known as customer proprietary network information (CPNI), this data can include call records, such as when a call was made, for how long, the caller’s phone number and the destination phone numbers for each call, and other information that might be found on the customer’s bill. But the company said that the hackers did not access names, home or email addresses, financial data and account passwords (or PINs).</p>
<p>A spokesperson for T-Mobile said the breach happened in early December, and affects about 0.2% of all T-Mobile customers or approximately 200,000 customers.</p>
<p>It is the latest security incident to hit the cell giant in recent years.</p>
<p>In 2018, T-Mobile said that as many as two million customers may have had their personal information scraped. A year later, the company confirmed hackers accessed records on another million prepaid customers. Just months into 2020, T-Mobile admitted to a breach on its email systems that saw hackers access some T-Mobile employee email accounts, exposing some customer data.</p>
<p>This breach was reported during the same time frame of the SolarWinds supply chain hack which is believed to have impacted as many as 250 government agencies and businesses. It was previously revealed that the list of victims included <a href="https://www.securityweek.com/vmware-cisco-reveal-impact-solarwinds-incident">major tech companies</a> such as Microsoft, Cisco and VMware, and <a href="https://www.securityweek.com/cyberattack-hit-key-us-treasury-systems-senator">U.S. government agencies</a> such as the State Department, Commerce Department, Treasury, DHS, and the National Institutes of Health.</p>
<p>Microsoft admitted recently that the attackers <a href="https://www.securityweek.com/microsoft-says-solarwinds-hackers-viewed-internal-code">gained access to some of its source code</a>, but the company claimed they could not have made any modifications to the code.</p>
<p>It is up to all organizations and businesses to protect themselves against cyber threats, attacks and ransomware demands. The largest companies in the world have recently admitted to having their systems and networks attacked. What will you do differently in 2021?</p>
<p>Red Sky Alliance has been has analyzing and documenting cyber threats for 9 years and maintains a resource library of malware and cyber actor reports. There are extensive reports on many of the threats mentioned in this article that can be found at <a href="https://redskyalliance.org/">https://redskyalliance.org</a>. There is no charge for these reports and articles posted.</p>
<p>What can you do to better protect your organization today? </p>
<ul>
<li>All data in transmission and at rest should be encrypted.</li>
<li>Proper data back-up and off-site storage policies should be adopted and followed.</li>
<li>Implement 2-Factor authentication company wide. (Read Multifactor Authentication or MFA)</li>
<li>Join and become active in your local Infragard chapter, there is no charge for membership. <a href="http://www.infragard.org/">infragard.org</a></li>
<li>Update disaster recovery plans and emergency procedures with cyber threat recovery procedures. And test them.</li>
<li>Institute cyber threat and phishing training for all employees, with testing and updating.</li>
<li>Recommend/require cyber security software, services and devices to be used by all at home working employees and consultants.</li>
<li>Review and update your cyber threat and information security policies and procedures. Make them a part of all emergency planning and training.</li>
<li>Ensure that all software updates and patches are installed immediately.</li>
<li>Enroll your company/organization in RedXray for daily cyber threat notifications are directed at your domains. RedXray service is $500 a month and provides threat intelligence on nine (9) cyber threat categories including Keyloggers, with having to connect to your network. </li>
<li>Purchase annual cyber insurance coverage from Red Sky Alliance provided by Cysurance.</li>
</ul>
<p>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs.com</a>.</p>
<p><strong> </strong></p>
<p><strong>Reporting: </strong><a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a></p>
<p><strong>Website: </strong><a href="https://www.wapacklabs.com/">https://www.wapacklabs.com/</a></p>
<p><strong>LinkedIn: </strong><a href="https://www.linkedin.com/company/wapacklabs/">https://www.linkedin.com/company/wapacklabs/</a></p>
<p><strong>Twitter: </strong><a href="https://twitter.com/wapacklabs?lang=en">https://twitter.com/wapacklabs?lang=en</a></p>
<p><strong>Weekly Cyber Intelligence Briefings: </strong></p>
<p><a href="https://attendee.gotowebinar.com/register/8782169210544615949">https://attendee.gotowebinar.com/register/8782169210544615949</a></p>
<p> </p>
<p><a href="{{#staticFileLink}}8389431875,original{{/staticFileLink}}">TR-21-005-001TMobile.pdf</a></p>
<p> </p>
<p> </p>
<p> </p></div>