Showing posts with label Security. Show all posts
Showing posts with label Security. Show all posts

Wednesday, October 6, 2021

Syniverse confirms long running breach of its global SMS network

In an SEC filing, Syniverse, which provides SMS connectivity services for nearly all mobile carriers, confirmed that a cyber breach discovered in May 2021 had been underway since May 2016.

Syniverse said an individual or organization gained unauthorized access to databases within its network on several occasions, and that login information allowing access to or from its Electronic Data Transfer (“EDT”) environment was compromised for approximately 235 of its customers. All EDT customers have been notified and have had their credentials reset or inactivated, even if their credentials were not impacted by the incident. All customers whose credentials were impacted have been notified of that circumstance.

 In its filing, Syniverse also noted that AT&T Mobility generated 11.4% and 13.5% of its total revenues for the six months ended May 31, 2021 and the eleven months ended November 30, 2020, respectively. A significant amount of Syniverse’s remaining revenues were generated by a small number of additional customers, including Twilio. For the six months ended May 31, 2021, Syniverse’s top 10 carrier customers accounted for approximately 45% of its carrier revenue, and its top 10 enterprise customers accounted for approximately 53% of its enterprise revenue.

https://www.sec.gov/Archives/edgar/data/1839175/000119312521284329/d234831dprem14a.htm

Wednesday, August 25, 2021

AWS announces two cyber security initiatives

Amazon announced two cyber security initiatives that will be offered to the public in October:


  • Cybersecurity training materials it has developed to keep its employees and sensitive information safe from cyberattack. 

  • A free multi-factor authentication (MFA) device for AWS customers designed to further secure their environments. The free MFA token adds a layer of security to protect customers’ AWS accounts against phishing, session hijacking, man-in-the-middle, and malware attacks. Customers can also use their MFA devices to safely access multiple AWS accounts, as well as other token-enabled applications, such as GitHub, Gmail, and Dropbox.


Monday, August 16, 2021

T-Mobile US confirms major cyber breach

T-Mobile confirmed that unauthorized access to its IT systems had occurred, however, the company said it has not yet determined how much, if any, customer data had been stolen.

"We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed. This investigation will take some time but we are working with the highest degree of urgency. Until we have completed this assessment we cannot confirm the reported number of records affected or the validity of statements made by others."


https://investor.t-mobile.com/news-and-events/t-mobile-us-press-releases/press-release-details/2021/TMobile-Cybersecurity-Incident-Update/default.aspx

Wednesday, August 11, 2021

Norton to acquire Avast, expanding consumer cyber solutions

NortonLifeLock reached a deal to acquire Avast, a provider of digital security and privacy services, in a stock transaction valued at approximately US$8.1 billion and US$8.6 billion, depending on Avast shareholders’ elections.

The companies say the deal will combine "Avast’s strength in privacy and NortonLifeLock’s strength in identity, creating a broad and complementary product portfolio, beyond core security and towards adjacent trust-based solutions". The merger is expected to result in approximately US$280 million of annual gross cost synergies.

“This transaction is a huge step forward for consumer Cyber Safety and will ultimately enable us to achieve our vision to protect and empower people to live their digital lives safely,” said Vincent Pilette, Chief Executive Officer of NortonLifeLock. “With this combination, we can strengthen our Cyber Safety platform and make it available to more than 500 million users. We will also have the ability to further accelerate innovation to transform Cyber Safety.”


https://s24.q4cdn.com/151081985/files/doc_presentations/2021/08/Combining-NortonLifeLock-and-Avast-IRDeck-FINAL.pdf

Tuesday, August 10, 2021

Mandiant acquires Intrigue for attack surface discovery/assessment

Mandiant, a part of FireEye, has acquired Intrigue, a start-up focused on attack surface management. Financial terms were not disclosed.

Intrigue offers an Open Platform For Comprehensive Asset Discovery and Risk-based Vulnerability Assessment. The company was founded in 2019 by Jonathan Cran, ex-Rapid7, Bugcrowd, and Kenna Security, developer of multiple leading security technologies, standards and frameworks.

Mandiant plans to integrated Intrigue’s attack surface management technology into the Mandiant Advantage platform, enabling organizations to discover, monitor, and manage risk across their entire attack surface.

“We are excited to welcome the Intrigue team to Mandiant. Intrigue is a strategic and immediately impactful addition to the Mandiant Advantage platform. Discovering and continuously monitoring the dynamic attack surface of a modern cloud-enabled organization is critical to assess risk and prioritize response,” said Colby DeRodeff, Chief Technology Officer, Mandiant Advantage. “Mandiant knows what adversaries are doing right now and what vulnerabilities they are currently exploiting. By combining this intelligence with the capabilities of Intrigue, we are rapidly evolving our customers' ability to efficiently manage risk and prioritize their resources.”

“The vision of Intrigue is to provide continuous, in-depth visibility of organizations' attack surface and risk,” said Jonathan Cran, Intrigue Founder and CEO prior to the acquisition. “We’re beyond excited to bring our capabilities to the Mandiant Advantage platform, accelerating and greatly expanding our mission-driven team's impact. I believe our combined capabilities will enable security teams to gain a significant edge against today's threats.”

https://www.fireeye.com/blog/products-and-services/2021/08/an-intriguing-update-to-mandiant-advantage.html


Tuesday, August 3, 2021

Juniper offer Zero Trust Cloud Workload Protection

Juniper Networks introduced a Zero Trust Data Center architecture to automatically defend application workloads in any cloud or on-premises data center environment against application exploits as they happen, including the Open Web Application Security Project (OWASP) Top 10 and memory-based attacks.

Juniper Cloud Workload Protection is a lightweight software agent that controls application execution and monitors the application’s behavior and context, with vulnerability remediation is done automatically without admin intervention. 

The company says its new product provides the following critical capabilities:

  • Signatureless Run-Time Application Self-Protection (RASP) provides real-time protection against attacks. It protects the application from malicious actions, such as exploitation and data theft, without any manual intervention, catching sophisticated attacks that endpoint detection (EDR) and web application firewall (WAF) solutions cannot.
  • Memory-Based Attack Prevention provides real-time protection against advanced memory-based attacks, including fileless, return-oriented programming (ROP) and buffer overflow attacks.
  • Vulnerability Detection continuously assesses vulnerabilities in applications and containers to detect serious and critical exploit attempts as they happen. Juniper Cloud Workload Protection delivers information on the exploit attempt to DevSecOps teams to better understand where the vulnerability exists, so they can remediate.
  • Comprehensive Telemetry provides rich application-level security event generation and reporting, including application connectivity, topology and detailed information about the attempted attack.
  • Optimized Control Flow Integrity (OCFI) technology minimizes false alerts by validating the execution of applications and detecting attacks without using behavior or signatures.
  • Zero Trust Microsegmentation shields application resources from lateral threat propagation and integrates with Juniper vSRX Virtualized Firewalls to restrict access based on risk, even as workloads and virtual environments change. Automated threat response with built-in, real-time telemetry helps security teams detect threats once and block them across the entire network.

https://blogs.juniper.net/en-us/security/connecting-and-protecting-applications-within-a-zero-trust-data-center-architecture-with-juniper-cloud-workload-protection

Nozomi raises $100 million for OT and IoT security

Nozomi Networks, a start-up based in San Francisco, announced a $100 million pre-IPO-funding round to help accelerate its OT and IoT security solutions.

The company said it plans to grow its sales, marketing and partner enablement efforts, and enhance its products to address new challenges in both the operational technology (OT) and internet of things (IoT) visibility and security markets. 

The Series D funding was led by Triangle Peak Partners and included Forward Investments, Honeywell Ventures, In-Q-Tel, Keysight Technologies, Porsche Ventures, and Telefónica Ventures.

“As we began the fund-raising process, many of the largest ecosystem partners in the world along with our customers recognized Nozomi Networks as the industry leader and requested the opportunity to invest in the company,” said Edgard Capdevielle, President and CEO of Nozomi Networks. “It’s the ultimate endorsement when not only a prestigious firm such as Triangle Peak Partners leads the investment, but customers and partners embrace Nozomi Networks and further validate our market leadership.”

“With the OT and IoT security market on the verge of explosive growth, Nozomi Networks has not only risen to the top but is strongly positioned to continue to outpace the market,” said Dain F. DeGroff, Co-founding Partner and President, Triangle Peak Partners.“The company’s consistently strong performance in combination with an impressive R&D model and its ability to scale quickly set itself apart. We’re excited to be a part of Nozomi Networks’ future.”


Thursday, July 29, 2021

Biden signs order on Cybersecurity for Critical Infrastructure

President Biden signed a National Security Memorandum (NSM) on “Improving Cybersecurity for Critical Infrastructure Control Systems”. There are two key parts:


  • Directs the Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA) and the Department of Commerce’s National Institute of Standards and Technology (NIST), in collaboration with other agencies, to develop cybersecurity performance goals for critical infrastructure. We expect those standards will assist companies responsible for providing essential services like power, water, and transportation to strengthen their cybersecurity.
  • Formally establishes the President’s Industrial Control System Cybersecurity (ICS) Initiative. The ICS initiative is a voluntary, collaborative effort between the federal government and the critical infrastructure community to facilitate the deployment of technology and systems that provide threat visibility, indicators, detections, and warnings. The Initiative began in mid-April with an Electricity Subsector pilot, and already over 150 electricity utilities representing almost 90 million residential customers are either deploying or have agreed to deploy control system cybersecurity technologies. The action plan for natural gas pipelines is underway, and additional initiatives for other sectors will follow later this year.

https://www.whitehouse.gov/briefing-room/statements-releases/2021/07/28/fact-sheet-biden-administration-announces-further-actions-to-protect-u-s-critical-infrastructure/

Wednesday, July 21, 2021

BT makes equity investment in SAFE Security

BT announced a multi-million pound investment in Safe Security, cyber risk management firm based in Palo Alto, California.

The company's Security Assessment Framework for Enterprises') platform allows organisations to take a health check of their existing defences and understand their likelihood of suffering a major cyber attack.

Philip Jansen, Chief Executive of BT, said: "Cyber security is now at the top of the agenda for businesses and governments, who need to be able to trust that they're protected against increasing levels of attack. Adding SAFE to BT's proactive, predictive security services will give customers an enhanced view of their threat level, and rapidly pinpoint specific actions needed to strengthen their defences. Already one of the world's leading providers in a highly fragmented security market, this investment is a clear sign of BT's ambition to grow further."

Saket Modi, Co-founder and CEO of Safe Security, said: "We're delighted to be working with a proven global security leader in BT. Their investment and strategic partnership with Safe Security will further accelerate our vision of making SAFE scores the industry standard for measuring and mitigating cyber risks. By aligning BT's global reach and capabilities with SAFE's ability to provide real-time visibility on cyber risk posture, we are going to fundamentally change how cyber security is measured and managed across the globe."    

https://www.safe.security/

Wednesday, June 30, 2021

SentinelOne completes highest-valued cybersecurity IPO

SentinelOne, a cybersecurity firm based in Mountain View, California, completed an initial public offering of 35,000,000 shares of its Class A common stock at a public offering price of $35.00 per share, raising $1.2 billion for the firm. 

The shares, which are listed on the New York Stock Exchange under the ticker symbol "S", closed on 30-June-2021 at $42.50, giving the company a market cap of over $10 billion.

Thursday, June 24, 2021

 Illumio raises $225 million for its Zero Trust Segmentation

Illumio, a start-up based in Sunnyvale, California, announced a $225 million Series F funding round at a $2.75 billion valuation for its Zero Trust Segmentation solutions. 

Illumio says its Zero Trust Segmentation SaaS platform delivers automated enforcement in minutes, dramatically reducing risk by stopping successful cyberattacks and ransomware from moving to other applications, clouds, containers, data centers, and endpoints. Th company claims many Fortune 100 companies and hundreds of global enterprises as customers, including the three top enterprise SaaS companies, five of the leading insurance companies, and six of the ten biggest banks in the world.

The round was led by Thoma Bravo and is also supported by Franklin Templeton, funds managed by Hamilton Lane, and Owl Rock, a division of Blue Owl Capital.

“Adopting Zero Trust strategies has never been more important for organizations across all industries, as the Biden Administration’s recent cybersecurity Executive Order demonstrates. This investment signals that now is the time to reimagine the cybersecurity model as we know it, with Zero Trust Segmentation playing a fundamental role in this strategic shift,” said Andrew Rubin, CEO and co-founder of Illumio. “With this funding, we will accelerate our innovation in product and engineering, further invest in customer success, and build upon our global partner strategy.”



Tuesday, June 15, 2021

Nokia: Most DDoS attacks originate from under 50 hosting companies

In-depth analysis provided by Nokia Deepfiled across large sample of networks globally finds that majority of DDoS attacks originate from fewer than 50 hosting companies and regional providers.

Nokia said its study examined service provider network traffic encompassing thousands of routers on the internet between January 2020 and May 2021. Among the findings, which were presented by Dr. Craig Labovitz, Nokia Deepfield CTO, at NANOG82: more than 100% increase in daily DDoS peak traffic in this time period; newly identified DDoS threat potential over 10 Tbps – four to five times higher than the largest current attacks reported – due to rapidly growing number of open and insecure internet services and IoT devices.

Dr. Craig Labovitz, CTO, Nokia Deepfield, said: “It is equally important for every participant in the network security ecosystem – end users, vendors, service providers, cloud builders, regulators and governments – to understand the dangers DDoS poses to the availability of internet content, applications and critical connectivity services. With this knowledge and a community commitment to solving the DDoS problem, we can go a long way towards making our networks, services and subscribers more secure.”

  • In an environment where attackers constantly leverage opportunistic resources to source their attacks, Nokia Deepfield found in the past 15 months accessibility of DDoS for hire services has increased the threat potential of the existing botnet, IoT and cloud-based attack models. 
  • The results trace the origins of most of the high-bandwidth, high-intensity (volumetric) attacks to a limited number of internet domains, finding that most global DDoS attacks (by frequency and traffic volume) originate in less than 50 hosting companies and regional providers.
  • As COVID lockdown measures were implemented in 2020, Nokia Deepfield noticed a 40-50% increase in DDoS traffic. The continued increases in intensity, frequency and sophistication of DDoS attacks have resulted in a 100% increase in the “high watermark levels” of DDoS daily peaks – from 1.5 Tbps (January 2020) to over 3 Tbps (May 2021).

The report is posted here:

https://www.nokia.com/networks/solutions/deepfield/network-intelligence-report/

Monday, June 14, 2021

Defense Info Systems Agency awards $1.8 billion contract to Cisco

The U.S. Defense Information Systems Agency awarded a contract valued at $1.8 billion to Cisco for Cisco Smart Net Total Care and Software Support Services for users across the Department of Defense.  

The period of performance is a one-year base period and two one-year option periods, for a total contract life cycle of three years. 


https://www.defense.gov/Newsroom/Contracts/Contract/Article/2657500/

Wednesday, June 2, 2021

Investment group acquires FireEye Products business for $1.2 billion

A consortium led by Symphony Technology Group (STG) will acquire the FireEye Products business, including the FireEye name, in an all-cash transaction for $1.2 billion.

The transaction, which is expected to close by the end of the fourth quarter of 2021, will separate FireEye’s network, email, endpoint, and cloud security products, along with the related security management and orchestration platform, from Mandiant’s controls-agnostic software and services.

“We believe this separation will unlock our high-growth Mandiant Solutions business and allow both organizations to better serve customers,” said FireEye Chief Executive Officer Kevin Mandia. “After closing, we will be able to concentrate exclusively on scaling our intelligence and frontline expertise through the Mandiant Advantage platform, while the FireEye Products business will be able to prioritize investment on its cloud-first security product portfolio. STG’s focus on fueling innovative market leaders in software and cybersecurity makes them an ideal partner for FireEye Products. We look forward to our relationship and collaboration on threat intelligence and expertise.”

“We are extremely impressed by the FireEye Products business and the mission critical role it plays for its customers,” said William Chisholm, Managing Partner at STG. “We believe that there is enormous untapped opportunity for the business that we are excited to crystallize by leveraging our significant security software sector experience and our market leading carve-out expertise.”

Mandiant Solutions has established its position as the market leader in threat intelligence and cybersecurity expertise from the front lines, serving enterprises, governments and law enforcement agencies worldwide. 

FireEye pioneered the advanced threat detection market with the introduction of its Multi-Vector Execution (MVX) engine for network security.

FireEye Acquires Mandiant for $1 Billion

FireEye acquired privately held Mandiant in a transaction valued at around $1 billion.  The deal consists of 21.5 million newly issued shares (NASDAQ: FEYE), options to purchase shares of FireEye stock, and approximately $106.5 million of net cash to the former Mandiant security holders. Mandiant is a leading provider of advanced endpoint security products and security incident response management solutions. It has more than two million endpoints...


Wednesday, May 12, 2021

Biden's cybersecurity order mandates zero-trust for federal networks

In the wake of recent cybersecurity incidents, notably SolarWinds, Microsoft Exchange, and Colonial Pipeline, President Biden signed an executive order aimed at improving the nation's cybersecurity posture. 

Here are the highlights:

Remove Barriers to Threat Information Sharing Between Government and the Private Sector. The Executive Order ensures that IT Service Providers are able to share information with the government and requires them to share certain breach information. 

Modernize and Implement Stronger Cybersecurity Standards in the Federal Government. The Executive Order helps move the Federal government to secure cloud services and a zero-trust architecture, and mandates deployment of multifactor authentication and encryption with a specific time period.  The Federal government must increase its adoption of security best practices, including by employing a zero-trust security model, accelerating movement to secure cloud services, and consistently deploying foundational security tools such as multifactor authentication and encryption.

Improve Software Supply Chain Security. The Executive Order will improve the security of software by establishing baseline security standards for development of software sold to the government, including requiring developers to maintain greater visibility into their software and making security data publicly available. It stands up a concurrent public-private process to develop new and innovative approaches to secure software development and uses the power of Federal procurement to incentivize the market. Finally, it creates a pilot program to create an “energy star” type of label so the government – and the public at large – can quickly determine whether software was developed securely. 

Establish a Cybersecurity Safety Review Board. The Executive Order establishes a Cybersecurity Safety Review Board, co-chaired by government and private sector leads, that may convene following a significant cyber incident to analyze what happened and make concrete recommendations for improving cybersecurity. 

Create a Standard Playbook for Responding to Cyber Incidents. The Executive Order creates a standardized playbook and set of definitions for cyber incident response by federal departments and agencies. The playbook will ensure all Federal agencies meet a certain threshold and are prepared to take uniform steps to identify and mitigate a threat.  The playbook will also provide the private sector with a template for its response efforts.

Improve Detection of Cybersecurity Incidents on Federal Government Networks. The Executive Order improves the ability to detect malicious cyber activity on federal networks by enabling a government-wide endpoint detection and response system and improved information sharing within the Federal government.

Improve Investigative and Remediation Capabilities. The Executive Order creates cybersecurity event log requirements for federal departments and agencies. 

https://www.whitehouse.gov/briefing-room/statements-releases/2021/05/12/fact-sheet-president-signs-executive-order-charting-new-course-to-improve-the-nations-cybersecurity-and-protect-federal-government-networks/

Tuesday, May 11, 2021

ADVA FSP 150 multi-layer demarc adds MACsec encryption

ADVA announced an upgraded FSP 150 multi-layer demarcation solution with precise timing and MACsec encryption capabilities.

The new member of the ADVA FSP 150 programmable demarcation and edge compute portfolio supports 10 Gbps MEF 3.0 Carrier Ethernet and IP services, provides precise synchronization capabilities and now features hardware-based encryption. 

“Our FSP 150-XG118Pro (CSH) provides a simple and affordable route to high-capacity Carrier Ethernet connectivity with the highest levels of data protection. Unique in our industry, this compact and cost-efficient device combines demarcation, edge compute, synchronization and encryption,” said James Buchanan, GM, Edge Cloud, ADVA. “No other single solution offers all the features of our FSP 150-XG118Pro (CSH). Straight out of the box, it delivers data encryption compliant with the strictest standards in the industry, including FIPS 140-3. Our FSP 150-XG118Pro (CSH) has multi-layer demarcation capabilities as well as precise synchronization delivery. What’s more, its edge computing capabilities and open SDN control make it a key component for industrial IoT applications.”

https://www.adva.com/en/newsroom/press-releases/20210511-adva-adds-encryption-to-flagship-10g-edge-device

Sunday, May 9, 2021

Cyber attack on U.S. fuel pipeline may be most serious to date

The Colonial Pipeline Company, the leading fuel pipeline operator in the United States responsible for transporting over 100 million gallons of fuel daily, confirmed that it is the target of a ransomware attack.

On Friday, the company was forced to take IT systems offline to contain the threat, effectively halting all pipeline operations. 

Colonial Pipeline supplies an estimated 45% of the fuel for the East Coast of the United States.

As of Sunday evening, Colonial Pipeline had not yet established a timeline for when operations would be restored.

Media reports attribute the attack to a criminal organization known as DarkSide and not a nation-state.

Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA, states "We are engaged with the company and our interagency partners regarding this situation. This underscores the threat that ransomware poses to organizations regardless of size or sector. "

Thursday, April 29, 2021

Vectra AI raises $130 million for automated threat detection/response

Vectra AI, a start-up based in San Jose, California, announced $130 million in new funding for its work in automated cyber threat detection and response. The company's mission is "to see and stop threats before they become breaches."

“Over the past year, we have witnessed a continuous series of the most impactful and widespread cyberattacks in history. To protect their employees and digital assets, our customers require security solutions that are smarter than today’s adversaries and provide coverage for cloud, data centers and SaaS applications” said Hitesh Sheth, president and chief executive officer at Vectra. “As we look to the future, Blackstone’s global presence, operational resources, and in-house technology expertise will help us achieve our mission to become one of the dominant cybersecurity companies in the world.”

The new $130 funding round was led by funds managed by Blackstone Growth. This brings Vectra's total funding since inception to more than $350 million at a post-money $1.2 billion valuation.

Viral Patel, a Senior Managing Director at Blackstone, said: “Vectra has a proven ability to stop in-progress attacks in the cloud, on corporate networks, and in private data centers for some of the top organizations in the world. The company has experienced extraordinary success through its commitment to combining innovative AI technology, first-class customer service, and top talent, and Blackstone is excited to become part of the Vectra team.”

For 2020, the Vectra reported a compound annual growth rate (CAGR) exceeding 100 percent, while sales of its Cognito Detect product for Microsoft Office 365 have grown at a rate of over 700 percent. 

http://www.vectra.ai

  • Vectra AI is headed by Hitesh Sheth (president and CEO), who previously was chief operating officer at Aruba Networks. Hitesh joined Aruba from Juniper Networks, where he was EVP/GM for its switching business and before that, SVP for the Service Layer Technologies group, which included security. Prior to Juniper, Hitesh held a number of senior management positions at Cisco.

Monday, April 19, 2021

Dutch report: Huawei backdoor into KPN's mobile network

The Dutch newspaper Volksrant published a report alleging that Huawei had full access to KPN's mobile subscriber traffic as far back as 2010. 

The report states that although KPN was aware that Huawei had gained uncontrolled and unauthorized access to the core of the KPN mobile network, the company did not disclose the security threat to the public. 

The story is picked up by other leading European news media.

For its part, Huawei has denied the allegations, saying it never had access to the prime minister's phone conversations nor those of anyone else in the country. 


KPN picks Ericsson for 5G core


 KPN has awarded a five year contract to Ericsson to deploy dual-mode 5G Core software with full support services, including an accompanying systems integration program with third-line support services.

The secure cloud-native dual-mode Ericsson 5G Core will allow KPN to meet increasing data demands of customers in existing consumer markets, as well as pursue new 5G innovation opportunities in emerging enterprise segments supported by enhanced network slicing capabilities. 

Arun Bansal, President of Europe and Latin America, Ericsson, says: ”We are pleased to expand our 100-year partnership with KPN through our technology-leading 5G Core solutions. We will work closely with KPN to ensure that consumers and enterprises in the Netherlands can benefit from the emerging opportunities of 5G as it embraces digitalization. Ericsson’s cloud-native dual-mode 5G Core provides the cutting-edge, container-based, microservice architecture that will help KPN to both develop new business models as well as move onto the next level of network operational efficiency.”

Monday, April 12, 2021

Biden nominates National Cyber Director and CISA Director

 President Biden will nominate Chris Inglis as the firstNational Cyber Director and Jen Easterly as the Director of the Cybersecurity and Infrastructure Agency. 


John Chris Inglis is a former Deputy Director of the National Security Agency.

Jen Easterly is a former Army intelligence officer and currently Head of Firm Resilience and the Fusion Resilience Center at Morgan Stanley.

https://www.whitehouse.gov/