According to NIST’s IT Asset Management , the typical asset lifecycle goes through the enrollment, operation, and end-of-life phases. IT assets include magnetic and optical media (hard drives, DVDs, USB flash drives, and SD cards) and components found in internet-connected devices. Examples include mobile devices (smartphones, tablets, and PDAs), laptops, desktops, servers, networking devices (routers and switches), scanners, copiers, printers, fax machines, and Internet of Things (IoT) devices (surveillance cameras and smart door locks). As the requirement to retire and upgrade IT assets increases, organizations and individuals may not know of how to properly “dispose” IT assets and data during the end-of-life phase. Once an IT asset reaches the disposal phase, it is prepared for both data removal and physical removal.
Decommissioning is the process of removing or retiring an old or obsolete IT asset from service and sanitizing the data from the media. When decommissioning IT assets, it is critical to properly sanitize, or wipe, all data securely from the media to help protect personally identifiable information (PII), sensitive data, and corporate information from unauthorized access. The sanitization method to be used depends on the type of storage media, the classification and sensitivity of the data which it stores, and the purpose of the media after it is sanitized.
The sanitization process removes information from the media, such that the information cannot be retrieved or reconstructed. Sanitization techniques—including clearing, purging, cryptographic erase, and physical destruction—prevent the disclosure of information to unauthorized individuals when such media is reused or released for disposal (such as recycling, reselling, donating, or discarding in the trash). Several key factors for improper disposition include disorder, lack of organization, and maintaining a chain of custody often required by industry regulations. IT asset disposition (ITAD) services or reputable electronic waste (e-waste) vendors are frequently used by organizations and individuals to certify their data has not been compromised in the disposition of their IT assets.
Routers and printers with limited storage can hold sensitive information, such as ownership data, IP topology maps, pointers to external data stores, vendor network connection data, VPN details, trusted credentials, “crackable” or reusable administrator login credentials, cryptographic keys, and application-specific data. For example, the ESET cybersecurity firm discovered discarded Cisco, Fortinet, and Jupiter Networks’ enterprise routers that were not properly sanitized and contained configuration data. The routers also contained sensitive corporate information, such as IPsec or VPN credentials, hashed root passwords, customer information, data allowing third-party connections to the network, credentials for connecting to other networks, router-to-router authentication keys, and connection details for specific applications. Also, Canon warned users of home, office, and large format inkjet printers that their Wi-Fi connection settings in memory storage were not wiped as anticipated during the initialization process. Typical settings for these devices include network SSID, password, network type, assigned IP address, MAC address, and network profile. A threat actor could use this information to gain unauthorized access to the network that the printer was connected to, access shared resources, steal data, and perform other cyberattacks.
Additionally, Rapid7 security researchers discovered discarded medical infusion pumps sold on secondary markets, such as eBay, that exposed sensitive information, including access credentials and wireless authentication data from their previous owners. The information can then be used to gain internal access to the original owner’s network, exploit other vulnerable devices on the network, distribute malware or ransomware, or access and exfiltrate personal health information (PHI).
Failure to sanitize data and properly dispose of IT assets creates security vulnerabilities, privacy and industry regulatory violations, financial impacts, reputational damage, or environmental implications and could undermine cybersecurity controls and efforts in place. Furthermore, mission-critical or regulated data found on improperly disposed IT assets could be used for malicious purposes and have devastating consequences. The exposed information can provide insight into the overall security defenses of the device’s original owner, providing threat actors the means to target specific “crown jewel” assets, impersonate users, infiltrate networks or internal hosts, sell the information on the dark web marketplace, and more.
This Cybersecurity Framework Profile (Profile) has been developed for the Electric Vehicle Extreme Fast Charging (EV/XFC) ecosystem and the subsidiary functions that support each of the four domains: (i) Electric Vehicles (EV); (ii) Extreme Fast Charging (XFC); (iii) XFC Cloud or Third-Party Operations; (iv) and Utility and Building Networks. The document provides a foundation that relevant parties may use to develop profiles specific to their organization to assess their cybersecurity posture as a part of their risk management process. This non-regulatory, voluntary profile is intended to supplement, not replace, an existing risk management program or the current cybersecurity standards, regulations, and industry guidelines that are in current use by the EV/XFC industry.
Purpose
The EV/XFC Cybersecurity Framework Profile is designed to be part of an enterprise risk management program to aid organizations in managing threats to systems, networks, and assets within the EV/XFC ecosystem. The EV/XFC Cybersecurity Framework Profile is not intended to serve as a solution or compliance checklist. Users of this profile will understand that its application cannot eliminate the likelihood of disruption or guarantee some level of assurance.
Use of the Profile will help organizations:
Identify key assets and interfaces in each of the ecosystem domains.
Address cybersecurity risk in the management and use of EV/XFC services.
Identify the threats, vulnerabilities, and associated risks to EV/XFC services, equipment, and data.
Apply protection mechanisms to reduce risk to manageable levels.
Detect disruptions and manipulation of EV/XFC services.
Respond to and recover from EV/XFC service anomalies in a timely, effective, and resilient manner.
Submit Comments
The public comment period closes at 11:59 p.m. EDT on Monday, August 28, 2023. Please email all draft comments to evxfc-nccoe@nist.gov. We encourage you to submit all feedback using the comment template found on our project page.
Join the Community of Interest
If you have expertise in EV/XFC and/or cybersecurity, consider joining the Community of Interest (COI) to receive the latest project news and announcements. Email the team at evxfc-nccoe@nist.gov declaring your interest or complete the sign-up form on our project page.
The cybersecurity industry needs an additional 3.4 million skilled workers to protect against rising digital crime. Your company can use Microsoft Defender Experts for XDR, a managed extended detection and response (MXDR) service, to fill in this workforce gap. Defender Experts for XDR elevates threat-detection capabilities using AI technology combined with human expertise to help you create a strategic plan to prevent future attacks. In this webinar, you will get real-life insights into how managed XDR can help your business: Merge human expertise and AI capabilities to detect, contain, and resolve threats faster Protect email, identity, cloud apps, and endpoint systems Improve efficiency by reducing false detection and providing around-the-clock coverage Register now to enhance your cyber-protection capabilities with managed XDR. Thursday, September 7, 2023 11:00 AM Pacific Time / 2:00 PM Eastern Time
Manufacturing supply chains are increasingly critical to maintaining the health, security, and the economic strength of the United States. As supply chains supporting critical infrastructure become more complex and the origins of products become harder to discern, efforts are emerging that improve traceability of goods by exchanging traceability data records using distributed ledger and other blockchain-related technologies.
This publication introduces the concept of a manufacturing supply chain “traceability chain,” which is comprised of a series of manufacturing traceability records written to industry- specific ecosystem blockchain-related technologies. The traceability chain is intended to provide supply chain visibility from end-user to original components. The Project Description describes a Traceability Chain Minimum Viable Product (MVP) reference implementation as a starting point for further research and refinement. NCCoE cybersecurity experts will address this challenge through collaboration with a Community of Interest, including vendors of cybersecurity solutions. The resulting reference design will detail an approach that can be incorporated across multiple sectors.
To learn more about the decentralized data approach to help secure supply chains in manufacturing and critical infrastructure sectors, visit our project page.
Get Engaged
You can continue to help shape and contribute to this and future projects by joining the NCCoE’s Blockchain Community of Interest here.
Contact Us:
If you have any questions, please reach out to the NCCoE Blockchain team at blockchain_nccoe@nist.gov.
Each year, organizations face tens of billions of malware, phishing, and credential threats—with real-world impacts. When an attack succeeds, it can result in grave impacts on any industry. For example, it could delay a police or fire department’s response to an emergency, prevent a hospital from accessing lifesaving equipment or patient data, or shut down a business and hold an organization’s intellectual property hostage.
Managing a security incident involves technical complexities, unknown variables—and often, frustration. Many organizations face a lack of specialized incident response knowledge, long breach resolution times, and difficulty improving their security posture due to ongoing demands on their stretched cybersecurity resources. Microsoft Incident Response is committed to partnering with organizations to combat the growing threat. Our team of experts has the knowledge and experience to help you quickly and effectively respond to any security incident, regardless of its size or complexity.
Microsoft Incident Response
Strengthen your security with an end-to-end portfolio of proactive and reactive incident response services.
Protecting customers is core to Microsoft’s mission. That’s why our worldwide Microsoft Incident Response service exists. Provided by Microsoft’s Incident Response team with exceptional skills and expertise in the field in helping organizations detect, respond, and recover from cybersecurity incidents, we mobilize within hours of an incident to help customers remove bad actors, build resilience for future attacks, and mend your defenses.
We’re global: Our Microsoft Incident Response team is available to customers around the clock. We serve 190 countries and resolve attacks from the most sophisticated nation-state threat actor groups down to rogue individual attackers.
We have unparalleled expertise: Since 2008, we’ve provided our customers with incident response services that leverage the full depth and breadth of Microsoft’s entire threat intelligence network, and unparalleled access to our product engineering teams. These security defenders work in concert to help protect the platforms, tools, services, and endpoints that support our online lives.
We’re backed by threat intelligence: Microsoft Incident Response conducts intelligence-driven investigations that tap into the 65 trillion signals collected every day, and track more than 300 unique threat actors, including 160 nation-state actors, 50 ransomware groups, and hundreds of others to detect, investigate, and respond to security incidents. These data signals and our deep knowledge of current threat actors are used to create a threat intelligence feedback loop, which imposes costs on the actors themselves. By sharing information with other organizations and law enforcement agencies, the team helps to disrupt the attackers’ operations and make it more difficult for them to carry out their attacks. The team is committed to continuing to work with its partners to make the internet a safer place for everyone.
We collaborate: Microsoft Incident Response has been collaborating with government agencies and global security organizations to fight cybercrime everywhere it lurks for more than 15 years. Our long-term relationships have spanned the biggest attack recoveries around the globe, and our experience collaborating across internal and external teams helps us to swiftly cut through red tape and resolve critical, urgent security problems for our customers.
Our Microsoft Incident Response team members span several roles to give customers complete and deep expertise to investigate and secure their environment post-security breach and to help prevent a breach in the first place. This team has helped customers of all sizes and industries respond to and recover from cyberattacks. Here are a few examples of how we have helped customers:
In 2022, we helped the Government of Albania recover from a sophisticated cyberattack. The attack was carried out by a state-sponsored actor, and it involved both ransomware and a wiper. We were able to help the government isolate the affected systems, remove the attackers, and restore its systems to full functionality.
In 2021, we helped a large financial services company respond to a ransomware attack. The attack was particularly damaging, as it encrypted the company’s customer data. We were able to help the company decrypt the data and restore its systems to full functionality.
In 2020, we helped a healthcare organization respond to a phishing attack. The attack resulted in the theft of patient data. We were able to help the organization identify the compromised accounts, reset the passwords, and implement additional security controls to prevent future attacks.
These are just a few examples of how the Microsoft Incident Response team has helped customers. We are committed to helping our customers minimize the impact of a cyberattack and restore their systems to full functionality as quickly as possible. Figure 1 shows an example of an anonymized customer journey with Microsoft Incident Response.
Figure 1. This image depicts a customer journey based on a typical ransomware scenario where the customer engaged Microsoft to assist with initial investigation and Entra ID recovery. It outlines four phases: collaboration and tool deployment (green), reactive incident response (blue), recovery with attack surface reduction and eradication plan (red), and compromise recovery with strategic recommendations for modernization (green). The journey involves hardening, tactical monitoring, and presenting modernization recommendations at the end of the Microsoft engagement.
What Microsoft Incident Response does
Up to 83 percent of companies will experience a data breach sometime. Stolen or compromised credentials are both the most common attacks and take the longest to identify (an average of 327 days).1 We’ve seen the alarming volume of password attacks rise to an estimated 921 attacks every second—a 74 percent increase in just one year.2 Our first step when a customer calls during a crisis is to assess their current situation and understand the scope of the incident. Over the years, our team has dealt with issues from crypto malware making an entire environment unavailable to a nation-state attacker maintaining covert administrative persistence in an environment. We work with a customer to identify the line of business apps affected and get systems back online. And as we work through the scope of the incident, we gain the knowledge our experts need to move to the next stage of managing an incident: compromise recovery.
Contrary to how ransomware is sometimes portrayed in the media, it is rare for a single ransomware variant to be managed by one end-to-end “ransomware gang.” Instead, there are separate entities that build malware, gain access to victims, deploy ransomware, and handle extortion negotiations. The industrialization of the criminal ecosystem has led to:
Access brokers that break in and hand off access (access as a service).
Malware developers that sell tooling.
Criminal operators and affiliates that conduct intrusions.
Encryption and extortion service providers that take over monetization from affiliates (ransomware as a service).
All human-operated ransomware campaigns share common dependencies on security weaknesses. Specifically, attackers usually take advantage of an organization’s poor cyber hygiene, which often includes infrequent patching and failure to implement multifactor authentication.
While every breach recovery is different, the recovery process for customers is often quite similar. A recovery will consist of scoping the compromise, critical hardening, tactical monitoring, and rapid eviction. For example, our experts conduct the following services:
Restore directory services functionality and increase its security resilience to support the restoration of business.
Conduct planning, staging, and rapid eviction of attackers from their known span of control, addressing identified accounts, backdoors, and command and control channels.
Provide a baseline level of protection and detection layers to help prevent a potential re-compromise and to increase the likelihood of rapid detection should there be an indicator of re-compromise in the environment.
To mitigate a compromise, it is important to understand the extent of the damage. This is similar to how doctors diagnose patients before prescribing treatment. Our team can investigate compromises that have been identified by Microsoft or a third party. Defining the scope of the compromise helps us avoid making unnecessary changes to the network. Compromise recovery is about addressing the current attacker. Our team uses the following model to do this: Authentication (who performed the actions?), Access (where did the actions originate from?), and Alteration (what was changed on the system?).
Our teams then work to secure the assets that matter most to organizations, such as Active Directory, Exchange, and Certificate Authorities. Next, we secure the admin path. Simply put, we make sure you, our customers, regain administrative control of your environment. A daunting 93 percent of our investigations reveal insufficient privilege access controls, including unnecessary lateral movement.2 Because our large team of experts helps so many customers, we understand what works well to secure an environment quickly. When it comes to tactical, swift recovery actions, we focus on what is strictly necessary for you to take back control first, then move on to other important security measures like hardening high-impact controls to prevent future breaches and putting procedures in place to ensure control can be maintained.
The assessment, containment, and recovery activities are the critical, immediate, and reactive services our experts deploy to help minimize breach impact and regain control. But our proactive services can help customers maintain that control, improve their security stance, and prevent future incidents.
All this expertise is supported by using a number of technologies that are proprietary to Microsoft.
What technologies we leverage
Microsoft products and services, proprietary and forensic tools, and data sourced from the breach incident all help our team act faster to minimize the impact of an incident. Combined with our on-demand specialized experts and our access to threat landscapes across different industries and geographies, these scanning and monitoring tools are part of a comprehensive security offense and defense.
For point-in-time deep scanning:
Proprietary incident response tooling for Windows and Linux.
Forensic triage tool on devices of interest.
Entra ID security and configuration assessment.
Additional Azure cloud tools.
For continuous monitoring:
Microsoft Sentinel—Provides a centralized source of event logging. Uses machine learning and artificial intelligence.
Microsoft Defender for Endpoint—For behavioral, process-level detection. Uses machine learning and artificial intelligence to quickly respond to threats while working side-by-side with third-party antivirus vendors.
Microsoft Defender for Identity—For detection of common threats and analysis of authentication requests. It examines authentication requests to Entra ID from all operating systems and uses machine learning and artificial intelligence to quickly report many types of threats, such as pass-the-hash, golden and silver tickets, skeleton keys, and many more.
Microsoft Defender for Cloud Apps—A cloud access security broker that supports various deployment modes including log collection, API connectors, and reverse proxy. It provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all your Microsoft and third-party cloud services.
Figure 2. This top-down image diagram highlights the Microsoft Incident Response team’s broad visibility with various icons representing distinct aspects of the Microsoft tool advantages. The left column shows how Microsoft Incident Response proprietary endpoint scanners combine with enterprise data, including Active Directory configuration, antivirus logs, and global telemetry from Microsoft Threat Intelligence, which analyzes over 6.5 trillion signals every day to identify emerging threats to protect customers. The blue second column titled Continuous Monitoring illustrates how the team utilizes the toolsets of the Microsoft Defender platform, including Microsoft Defender for Office 365, Microsoft Defender for Endpoint, Microsoft Defender for Cloud Apps, Microsoft Defender for Identity, Microsoft 365 Defender, Microsoft Sentinel, Microsoft Defender Experts for Hunting, and Microsoft Defender for Cloud. Incident response teams collaborate with different teams and technologies and utilize deep scans with proprietary toolsets, while also continuously monitoring the environment through Microsoft Defender.
A tenacious security mindset
Incident response needs vary by customer, so Microsoft Incident Response service options are available as needed or on a retainer basis, for proactive attack preparation, reactive crisis response, and compromise recovery. At the end of the day, your organization’s cybersecurity is mostly about adopting a tenacious security mindset, embraced and supported by everyone in the organization.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.
Today, NIST is officially unveiling our new Cybersecurity Framework (CSF) 2.0 Reference Tool. This resource allows users to explore the Draft CSF 2.0 Core (Functions, Categories, Subcategories, Implementation Examples) and offers human and machine-readable versions of the draft Core (in both JSON and Excel formats). Currently, the tool allows users to view and export portions of the Core using key search terms. This tool will ultimately enable users to create their own version of the CSF 2.0 Core with selected Informative References and will provide a simple and streamlined way for users to explore different aspects of the CSF Core.
NIST will continue to add additional features to the CSF 2.0 Reference Tool in the coming months (for example, Informative References will be added once CSF 2.0 is finalized in early 2024, which will help to show the connection between the CSF and other cybersecurity frameworks, standards, guidelines, and resources).
Other Important News:
Last week, NIST released a Draft of the NIST Cybersecurity Framework 2.0. The CSF 2.0 draft reflects several major changes, including: an expanded scope, the addition of a sixth function, Govern, and improved and expanded guidance on implementing the CSF—especially for creating profiles. Public comments will be accepted via cyberframework@nist.gov until Friday, November 4, 2023.
Save the Date: A hybrid Fall workshop will be held on September 19-20, 2023—and will include options for virtual and in-person attendance—at the NIST National Cybersecurity Center of Excellence (registration will open soon).The workshop will serve as another opportunity for the public to provide feedback and comment.
Thank you for sharing in our excitement and for being such an important part of this process. As always, please continue to visit our Journey to CSF 2.0 website for important news, updates, and documents in the coming months—and follow us on X via @NISTcyber.
The Cybersecurity and Infrastructure Security Agency (CISA) has published four Malware Analysis Reports on malware variants associated with exploitation of CVE-2023-2868. CVE-2023-2868 is a remote command injection vulnerability affecting Barracuda Email Security Gateway (ESG) Appliance, versions 5.1.3.001-9.2.0.006. It was exploited as a zero day as early as October 2022 to gain access to ESG appliances. According to industry reporting, the actors exploited the vulnerability to gain initial access to victim systems and then implanted backdoors to establish and maintain persistence.
CISA analyzed backdoor malware variants obtained from an organization that had been compromised by threat actors exploiting the vulnerability.
WHIRLPOOL – WHIRLPOOL is a backdoor that establishes a Transport Layer Security (TLS) reverse shell to the Command-and-Control (C2) server. Barracuda Exploit Payload and Backdoor – The payload exploits CVE-2023-2868, leading to dropping and execution of a reverse shell backdoor on ESG appliance. The reverse shell establishes communication with the threat actor’s command and control (C2) server, from where it downloads the SEASPY backdoor to the ESG appliance. The actors delivered the payload to the victim via a phishing email with a malicious attachment. SEASPY – SEASPY is a persistent and passive backdoor that masquerades as a legitimate Barracuda service. SEASPY monitors traffic from the actor’s C2 server. When the right packet sequence is captured, it establishes a Transmission Control Protocol (TCP) reverse shell to the C2 server. The shell allows the threat actors to execute arbitrary commands on the ESG appliance. SUBMARINE – SUBMARINE is a novel persistent backdoor executed with root privileges that lives in a Structured Query Language (SQL) database on the ESG appliance. SUBMARINE comprises multiple artifacts—including a SQL trigger, shell scripts, and a loaded library for a Linux daemon—that together enable execution with root privileges, persistence, command and control, and cleanup. CISA also analyzed artifacts related to SUBMARINE that contained the contents of the compromised SQL database. This malware poses a severe threat for lateral movement.
For more information, including indicators of compromise and YARA rules for detection, on the exploit payload, SEASPY, and SUBMARINE backdoor, see the following Malware Analysis Reports:
Juniper has released a security advisory to address vulnerabilities in Junos OS on SRX Series and EX Series. A remote cyber threat actor could exploit these vulnerabilities to cause a denial-of service condition.
CISA encourages users and administrators to review Juniper’s Support Portal and apply the necessary updates.
A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller.
This vulnerability affects all currently supported versions of customer-managed ShareFile storage zones controller before version 5.11.24.
This bulletin only applies to customer-managed ShareFile storage zones controllers. Customers using ShareFile-managed storage zones in the cloud do not need to take any action.
The issue has been given the following identifier:
CVE ID
Affected Products
Description
Pre-requisites
CWE
CVSS
CVE-2023-24489
Citrix Content Collaboration
Improper resource control allows unauthenticated remote compromise
Network access to the ShareFile storage zones controller
All customer-managed ShareFile storage zones controllers versions prior to the latest version 5.11.24 have been blocked to protect our customers. Customers will be able to reinstate the storage zones controller once the update to 5.11.24 is applied.
Customers should shut down any machine that was running an affected version of the storage zones controller software.
Acknowledgements
ShareFile thanks Dylan Pindur of Assetnote for working with us to protect ShareFile customers.
What Citrix is Doing
Citrix is notifying customers and channel partners about this potential security issue through the publication of this security bulletin on the Citrix Knowledge Center at https://support.citrix.com/securitybulletins.
Obtaining Support on This Issue
If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at https://www.citrix.com/support/open-a-support-case.
Subscribe to Receive Alerts
Citrix strongly recommends that all customers subscribe to receive alerts when a Citrix security bulletin is created or modified at https://support.citrix.com/user/alerts.
Reporting Security Vulnerabilities to Citrix
Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For details on our vulnerability response process and guidance on how to report security-related issues to Citrix, please see the following webpage: https://www.citrix.com/about/trust-center/vulnerability-process.html.
Disclaimer
This document is provided on an “as is” basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. Your use of the information on the document is at your own risk. Citrix reserves the right to change or update this document at any time. Customers are therefore recommended to always view the latest version of this document directly from the Citrix Knowledge Center.
Changelog
2023-06-13 T 15:30:00Z
CSAF Update
2023-06-13 T 12:30:00Z
Initial Publication
2023-08-17 T 20:30:00Z
Update recommendations to customers to include shutting down affected systems
Accelerate your deployment and utilization of the latest endpoint management capabilities in support of remote, on-premises, and hybrid work. Join us at Microsoft 365 Virtual Training Day: Managing Windows and Surface Devices from Microsoft Learn to see how to simplify the management of your desktop, devices, and cloud services with Microsoft Endpoint Manager. This free training is relevant across all deployment stages—whether you’re currently using Microsoft Configuration Manager to manage your devices, have started the path to cloud management, or are managing all your endpoints natively with Microsoft Intune. Once you’ve learned the basics of Endpoint Manager, we’ll shift the focus to Microsoft Surface, where you’ll discover how to deploy a secure device. You’ll get the tools and training to put Surface to work—creating a high level of endpoint security through integrated hardware, firmware, software, and identity protection. You will have the opportunity to: Learn how to plan and run an effective deployment of Windows 10. Deploy and manage configurations to organization- and user-owned devices. Explore the versatile functions of Surface. Join us at an upcoming two-part event: Thursday, September 07, 2023 | 11:00 AM – 2:30 PM | (GMT-08:00) Pacific Time (US & Canada) Friday, September 08, 2023 | 11:00 AM – 1:45 PM | (GMT-08:00) Pacific Time (US & Canada)
Delivery Language: English Closed Captioning Language(s): English
