Tag: hack

E-mail attack costs company R100m

By  Myles Illidge for MyBroadband

Email security is becoming an increasingly important aspect of business in South Africa, and in one instance, spoofing resulted in a company losing R100 million to a malicious actor.

In an interview with CliffCentral, e-mail security firm Sendmarc co-founder Sam Hutchinson revealed that a malicious actor’s spoofed email resulted in the funds being paid into the wrong bank account. They have not been recovered.

“The largest loss I have dealt with personally is R100 million. That’s like enough money to never have to work again, and it’s just done with email fraud,” Hutchinson said.

“R100 million paid into the wrong bank account, and the money was lost. Gone.”

He added that the two companies involved in the transaction were now in a legal battle with one another to recover the funds.

Hutchinson said that smaller companies aren’t any less likely to be attacked.

“Now, if we talk about the size of an organisation, I deal with conveyancing companies who are three lawyers, and they are losing home transfers, which can be millions of rands,” he said.

“These are small companies using large amounts of money.”

Hutchinson mentioned that the smallest company he had worked with — a two-person travel agent — had their domain impersonated by an attacker, resulting in a school paying funds for a hockey tour into the wrong account.

“The whole under 16A hockey team didn’t go on tour,” he added.

Malicious actors undertake email spoofing to gain sensitive information or hijack transactions by impersonating organisations using forged email addresses.

Hutchinson explained that one of the best ways to prevent being caught out by email spoofing attacks is to implement Domain-based Message Authentication Reporting and Conformance (DMARC).

“If you look at the Gartner Security Report of two or three years ago, they said that email is one of the top five attack vectors for an organisation,” he said.

“If you look at organisations like the Hague … they say that DMARC is one of the top three things that an organisation must implement of any size.”

DMARC is an email validation system used to protect the domains of organisations from being used for email spoofing, phishing, and other cybercrimes.

Hutchinson explained that DMARC is particularly useful as you can look up an organisation globally, and 50% of JSE-listed companies in South Africa have not implemented DMARC.

“DMARC is the global technical standard that stops attackers sending mail from you,” he said.

However, even though half of JSE-listed companies haven’t implemented DMARC, South Africa is making better progress than the EU and the US.

“If we look at the EU: 70%, if we look at the US: 72%. So, South Africa’s actually doing pretty well,” Hutchinson said.

Hutchinson said that he had noticed that specific sectors, such as mining and manufacturing, traditionally fall behind regarding their security measures, resulting in them being attacked a lot.

“[Regarding] certain sectors, it’s just traditional that their security is not necessarily up to scratch. We see it in some of the industrials and the manufacturing, the security has almost been an afterthought, and they actually get attacked a lot,” he said.

“I see the mining sector getting attacked a lot because they have such huge transaction amounts,” he added.

 

By Penelope Mashego by Fin24

Pharmacy retailer Dis-Chem has launched an investigation into a data hack at one of its third-party service providers that resulted in an “unauthorised person” accessing the personal details of customers.

In a notice on Wednesday, Dis-Chem said its investigation so far showed that the hacker gained access to first names, surnames, email addresses and cellphone numbers belonging to more than 3.6-million people.

The retailer said it was informed about the breach – which took place in April – at the beginning of this month. It has since taken steps to establishing the scope of the breach and restore the “integrity” of its operating system

“Please note there is currently no indication that any personal information has been published or misused as a result of the incident. However, we cannot guarantee that this position will remain the same in future,” Dis-Chem cautioned.

The retailer added that it was continuing to monitor for any publication of the personal information accessed in the breach.

“While investigations into the incident are still ongoing, the operator has confirmed it has deployed additional safeguards in order to ensure protection and security of information on the database,” Dis-Chem said.

Dis-Chem also asked those possibly affected by the breach to be vigilant by:

  • Not clicking on suspicious links;
  • Not sharing passwords or PINs;
  • Changing passwords often;
  • Having regular anti-virus and malware scans on their devices; and
  • Providing personal information only when there is a legitimate reason.

Source: Bloomberg

Samsung Electronics Co. suffered a cybersecurity breach that exposed internal company data, including source code for the operation of its Galaxy smartphones, the company said.

The statement came after a claim over the weekend that LAPSUS$, a hacking group that stole proprietary information from Nvidia Corp.’s networks, had gained access to Samsung data.

The Korean electronics giant did not identify the attackers who compromised its systems. Measures to prevent further breaches have been put in place, a spokesperson said via text message, and customers’ personal data was not affected.

“There was a security breach relating to certain internal company data,” Samsung said. “According to our initial analysis, the breach involves some source code relating to the operation of Galaxy devices, but does not include the personal information of our consumers or employees.”

“Currently, we do not anticipate any impact to our business or customers. We have implemented measures to prevent further such incidents and will continue to serve our customers without disruption.”

The LAPSUS$ hackers posted a 190GB torrent file to their Telegram channel late Friday, claiming it contained confidential Samsung source code that exposed the company’s device security systems.

Among the items listed were algorithms for Samsung smartphone biometric authentication and bootloader source code to bypass some operating system controls.

 

Source: CNBC

As Russia steps up its cyberattacks on Ukraine alongside a military invasion, governments on both sides of the Atlantic are worried the situation could spill over into other countries, becoming an all-out cyberwar.

Russia has been blamed for a number of cyberattacks targeting Ukraine’s government and banking system in recent weeks.

On Thursday, cybersecurity firm ESET said it had discovered new “wiper” malware targeting Ukrainian organisations. Such software aims to erase data from the systems it targets.

A day earlier, the websites of several Ukrainian government departments and banks were knocked offline by a distributed denial of service (DDoS) attack, which is when hackers overwhelm a website with traffic until it crashes.

It comes after a separate attack last week took down four Ukrainian government websites, which U.S. and U.K. officials attributed to the GRU, the Russian military intelligence agency.

Ukrainian residents also reportedly received fake text messages saying ATMs in the country did not work, which cybersecurity experts say was likely a scare tactic.

For its part, Russia says it “has never conducted and does not conduct any ‘malicious’ operations in cyberspace.”

The onslaught of attacks has led to fears of a wider digital conflict, with Western governments bracing for cyberthreats from Russia — and considering how to respond.

Officials in both the U.S. and Britain are warning businesses to be alert to suspicious activity from Russia on their networks. Meanwhile, Estonian Prime Minister Kaja Kallas on Thursday said European nations should be “aware of the cybersecurity situation in their countries.”

NBC News reported Thursday that President Joe Biden has been presented with options for the U.S. to carry out cyberattacks on Russia to disrupt internet connectivity and shut off its electricity. A White House spokesperson pushed back on the report, however, saying it was “wildly off base.”

Nevertheless, cybersecurity researchers say an online conflict between Russia and the West is indeed a possibility — though the severity of any such event may be limited.

“I think it’s very possible, but I think it’s also important that we reflect on the reality of cyberwar,” John Hultquist, vice president of intelligence analysis at Mandiant, told CNBC.

“It’s easy to hear that term and compare it to real war. But the reality is, most of the cyberattacks we’ve seen have been nonviolent, and largely reversible.”

‘Spillover’
Toby Lewis, head of threat analysis at Darktrace, said the attacks have so far been largely focused on supporting Russia’s physical invasion of Ukraine.

“It is the physical land and territory that Russia appears to seek rather than economic leverage, for which a cyber-first campaign may be more effective,” he told CNBC.

However, researchers at Symantec said the wiper malware detected in Ukraine also affected Ukrainian government contractors in Latvia and Lithuania, hinting at a potential “spillover” of Russia’s cyberwarfare tactics into other countries.

“This likely shows the beginning of the collateral impact of this cyber-conflict on global supply chains, and there may begin to be some effect on other Western countries that rely on some of the same contractors and service providers,” Lewis said.

Several European Union countries, including Lithuania, Croatia and Poland, are offering Ukraine support with the launch of a cyber rapid-response team.

“We have long theorized that cyberattacks are going to be part of any nation-state’s arsenal and I think what we’re witnessing for the first time frankly in human history is cyberattacks have become the weapon of first strike,” Hitesh Sheth, CEO of Vectra AI, told CNBC’s “Squawk Box Asia” on Friday.

Sheth suggested Russia could launch retaliatory cyberattacks in response to Western sanctions announced earlier this week.

“I would fully expect that, given what we are witnessing with Russia overtly attacking Ukraine with cyberattacks, that they would have covert channels as a way to attack institutions that are being deployed to curtail them in the financial community,” he said.

What happens next?
Russia has long been accused by governments and cybersecurity researchers of perpetrating cyberattacks and misinformation campaigns in an effort to disrupt economies and undermine democracy.

Now, experts say Russia could launch more sophisticated forms of cyberattacks, targeting Ukraine, and possibly other countries, too.

In 2017, an infamous malware known as NotPetya infected computers across the world. It initially targeted Ukrainian organisations but soon spread globally, affecting major corporations such as Maersk, WPP and Merck. The attacks were blamed on Sandworm, the hacking unit of GRU, and caused upward of $10 billion in total damage.

“If they actually focus these types of activity against the West, that could have very real economic consequences,” Hultquist told CNBC.

“The other piece that we’re concerned about is that they go after critical infrastructure.”

Russia has been digging at infrastructure in Western countries like the U.S., U.K. and Germany “for a very long time,” and has been “caught in the act” multiple times, Hultquist said.

“The concern, though, is we’ve never seen them pull the trigger,” Hultquist added. “The thinking has always been that they were preparing for contingency.”

“The question now is, is this the contingency that they have been preparing for? Is this the threshold that they’ve been waiting for to start carrying out disruptions? We’re obviously concerned that this could be it.”

Last year, Colonial Pipeline, a U.S. oil pipeline system, was hit by a ransomware attack that took critical energy infrastructure offline. The Biden administration says it doesn’t believe Moscow was behind the attack. DarkSide, the hacking group responsible, was believed to have been based in Russia.

 

More Absa customers hit by data leak

Source: MyBroadband

Absa has continued to send notifications to more customers impacted by a data leak in October 2020.

Customers have told MyBroadband they received emails from the bank this past week informing them the leak also impacted them.

“Following Absa’s announcement of an isolated data leak in November 2020, and a resultant independent forensic investigation, we have now identified more compromised data and are contacting impacted customers directly,” it states.

“Unfortunately, this leak encompassed some of your personal information, including your identity, contact details and transactional account number,” the bank added.

The leak, which an Absa employee orchestrated, resulted in the exposure of customer data that included identity numbers, contact details, addresses, and account numbers.

The employee, who served as a credit analyst, had been caught selling the private information of retail banking clients to third parties.

He was subsequently dismissed and criminally charged, and Absa notified the Information Regulator about the issue.

In its initial acknowledgement of the breach in November 2020, the bank labelled the incident as “isolated” and claimed it affected a “limited number of customers”.

Absa chief security officer at the time, Sandro Bucchianeri, later revealed the bank believed the information of 200 000 customers was exposed. For reference, Absa had around 9.7 million customers as of September 2020.

Bucchianeri left Absa in June 2021 and joined National Australia Bank as chief security officer.

Number of new accounts impacted unclear
The latest notification is at least the second time since the initial notice that Absa has informed additional impacted customers their details were exposed in the leak.

In April 2021, Absa sent a similar email to customers it had determined were also impacted.

An Absa spokesperson told MyBroadband independent investigations were ongoing, and the bank continued to reach out to customers as new information came to light.

“Throughout this process, we have taken extra precautions and heightened monitoring of customer accounts,” the spokesperson said.

The spokesperson did not respond to a question about exactly how many impacted customers had been added to the original tally of 200,000.

Absa advised customers suspecting suspicious activity on their accounts to contact its fraud hotline on 0860 557 557.

The bank also offers a free digital fraud warranty for customers that use its mobile app.

 

The entirety of Twitch has been leaked

By Chris Scullion for Video Game Chronicles 

An anonymous hacker claims to have leaked the entirety of Twitch, including its source code and user payout information.

The user posted a 125GB torrent link to 4chan on Wednesday, stating that the leak was intended to “foster more disruption and competition in the online video streaming space” because “their community is a disgusting toxic cesspool”.

VGC can verify that the files mentioned on 4chan are publicly available to download as described by the anonymous hacker.

One anonymous company source told VGC that the leaked data is legitimate, including the source code for the Amazon-owned streaming platform.

Internally, Twitch is aware of the breach, the source said, and it’s believed that the data was obtained as recently as Monday.

Twitch has confirmed the leak is authentic: “We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available. Thank you for bearing with us.”

The leaked Twitch data reportedly includes:

  • The entirety of Twitch’s source code with comment history “going back to its early beginnings”
  • Creator payout reports from 2019
  • Mobile, desktop and console Twitch clients
  • Proprietary SDKs and internal AWS services used by Twitch
  • “Every other property that Twitch owns” including IGDB and CurseForge
  • An unreleased Steam competitor, codenamed Vapor, from Amazon Game Studios
  • Twitch internal ‘red teaming’ tools (designed to improve security by having staff pretend to be hackers)

Some Twitter users have started making their way through the 125GB of information that has leaked, with one claiming that the torrent also includes encrypted passwords, and recommending that users enable two-factor authentication to be safe.

If you have a Twitch account, it’s recommended that you also turn on two-factor authentication, which ensures that even if your password is compromised, you still need your phone to prove your identity using either SMS or an authenticator app.

To turn on two-factor identification:

  • Log on to Twitch, click your avatar and choose Settings
  • Go to Security and Privacy, then scroll down to the Security setting
  • Choose Edit Two-Factor Authentication to see if it’s already activated. If not, follow the instructions to turn it on (you’ll need your phone)

The torrent also reportedly includes Unity code for a game called Vapeworld, which appears to be chat software based on Amazon’s unreleased Steam competitor Vapor.

Meanwhile, Vapor, the codename for an alleged in-development Steam competitor, is claimed to integrate many of Twitch’s features into a bespoke game store.

Finally, the leaked documents allegedly show that popular streamers such as Shroud, Nickmercs and DrLupo have earned millions from working with the popular streaming platform.

What it doesn’t include is money that streamers have earned outside of Twitch, including merchandise, YouTube revenue, sponsorships and external donations.

The anonymous leaker has stated that this is just the first part of the content due to be leaked, but hasn’t stated what they plan to also release.

One cyber security expert said on Wednesday that, if fully confirmed, the Twitch hack “will be the biggest leak I have ever seen”.

Twitch has regularly found itself under fire from creators and users who feel the site doesn’t take enough action against problematic members of the Twitch community.

Last month a group of Twitch streamers called on other channels and viewers to boycott the site for 24 hours as a response to hate raids.

On the same day as the campaign was initially announced, Twitch posted a thread on Twitter explaining that it was attempting to stop hate raids but that it was not “a simple fix”.

“No one should have to experience malicious and hateful attacks based on who they are or what they stand for,” it stated. “This is not the community we want on Twitch, and we want you to know we are working hard to make Twitch a safer place for creators.

“Hate spam attacks are the result of highly motivated bad actors, and do not have a simple fix. Your reports have helped us take action – we’ve been continually updating our sitewide banned word filters to help prevent variations on hateful slurs, and removing bots when identified.

“We’ve been building channel-level ban evasion detection and account improvements to combat this malicious behaviour for months. However, as we work on solutions, bad actors work in parallel to find ways around them – which is why we can’t always share details.”

 

Department of Justice hacked

By Jan Vermeulen for MyBroadband

At least 1 200 files were exfiltrated from Department of Justice computer systems before attackers infected them with ransomware and brought South Africa’s legal system to its knees.

This is according to a notice published by the Information Regulator of South Africa to inform its users of the breach.

It said that according to the Department of Justice and Constitutional Development (DoJ&CD), these files may have contained personal information such as addresses and bank account details.

Personally identifying information of South Africa’s information officers may also have been exposed.

The Information Regulator said that the following personal information might have been exposed:

  • Names, addresses, identity numbers, and phone numbers of information officers
  • Names, residential addresses, identity numbers, phone numbers, qualifications, bank accounts, and salaries of employees
  • Names, addresses, and bank details of the service providers.

The Regulator noted that this is just an early indication of the type of personal data that might have been compromised.

“The DoJ&CD has indicated in its report to the Regulator that at this stage, the investigations are inconclusive in terms of the exact nature of the information that was sent outside the ICT systems of the DoJ&CD,” it stated.

“Therefore, the types of personal information of its data subjects that may have been compromised is not yet determined.”

In addition to details of the data breach, the Information Regulator also revealed that it only found out about the attack because of a media statement issued by the DoJ.

“The Regulator became aware of the possible security compromise through a media statement on 9 September 2021 and was officially notified on 13 September 2021,” it stated.

It was only formally notified after reminding the department of its obligation to notify the Regulator and data subjects per section 22 of the Protection of Personal Information Act (POPIA).

The Information Regulator explained that the attack on the DOJ&CD places it in a curious position.

When the Information Regulator was established, as an interim measure, its computer systems were set up under the structures of the Department of Justice.

This makes the Information Regulator a “data subject” of the department and a “responsible party” that must notify its own data subjects in terms of POPIA.

The DoJ&CD was hit by a ransomware attack on 6 September, knocking several critical systems offline. These included:

  • E-mail
  • Bail services
  • Payment of child maintenance
  • No way to correspond with magistrates or judges — no one can file court papers
  • Recording and transcription of court proceedings offline
  • Master’s offices

Several cases in South Africa’s lower courts were postponed due to the outage, and the court system remains disrupted as the DoJ&CD works to restore its IT systems.

On 17 September, the department said it had recovered some functionality of its system for child maintenance payments, MojaPay.

The Master’s Offices around South Africa have been forced to revert to manual systems, also causing severe disruptions with the following services impacted:

Deceased estates — including issuing letters of executorship and urgent payments out of frozen bank accounts
Curatorships
Orphans whose affairs are being managed by the state
Democratic Alliance MP and former prosecutor Glynnis Breytenbach has said that the disruption to the Master’s Offices is a significant concern.

“They are no longer geared to operate manually. They don’t have the staff,” she stated.

“We need to get these systems back up and running. The Master’s office is so dysfunctional this is going to be the last straw,” she said.

Example of ransomware note without specific amount demanded, pointing victim to a dark web chat service.
The Information Regulator said it currently does not know the person’s identity that broke into the DoJ&CD’s systems. An investigation is underway.

In correspondence received from the DoJ&CD dated 20 September 2021, the Regulator was informed that the issue was detected within the Citrix environment — where applications are hosted.

Connectivity was lost between application and database servers on the evening of 05 September 2021, and, as a result, all user accounts on the Active Directory were locked.

The analysis of the attack concluded that it was a malware infection suspected to be ransomware.

The DoJ&CD informed the Regulator that even though the person’s identity that breached their systems is unknown, the investigation has led to the discovery of text files consistent with ransomware.

These files contain instructions to the department to contact what seems to be the perpetrators.

However, the DoJ&CD has advised that no demand for money has been made as of 20 September 2021.

A source has told MyBroadband that the claim from the DoJ that they didn’t receive a ransom amount is incorrect and that the attackers have asked for 50 bitcoin — around R33 million.

The DoJ&CD has disputed this and maintained that it has received no ransom demand.

 

$611m stolen in cryptocurrency hack

By Emma Mayer for Newsweek

Poly Network, a protocol for swapping cryptocurrency, including bitcoin, announced on Tuesday that it was hacked, resulting in the loss of $611-million. The hack is suspected to be the largest fraud in “decentralised finance,” or DeFi, in history.

The network tweeted the news and urged exchanges to block all of the funds that were taken.

“We call on miners of affected blockchain and crypto exchanges to blacklist tokens coming from the above addresses,” it tweeted, providing three addresses that it says the assets have been transferred to.

Poly Network swaps tokens across different blockchains, including Etereum and Ontology, as well as the blockchain for bitcoin. It was formed by an alliance between the teams behind multiple blockchain platforms, namely Neo, Ontology and Switcheo, according to The Block.

According to Cryptonews, $273 million in assets was taken in Ethereum tokens, $253 million in tokens on Binance Smart Chain and $85 million in U.S. Dollar Coin (USDC) tokens on the Polygon network.

“We will take legal actions and we urge the hackers to return the assets,” Poly Network tweeted in a thread.

Some believe this attack is the largest hack ever seen in the cryptocurrency space.

Since the attack, Tether, a form of stablecoin, managed to freeze roughly $33-million in tokens.

“We are aware of the poly.network exploit that occurred today. While no one controls BSC (or ETH), we are coordinating with all our security partners to proactively help. There are no guarantees. We will do as much as we can,” tweeted Changpeng Zhao, CEO of Binance, a cryptocurrency exchange.

The hack, according to The Block, forced O3, a trading pool that uses Poly Network to trade tokens among different blockchains, to suspend its cross-chain functionality.

Researchers suspect that the cause of the hack was a cryptography issue, which is rare in other instances of hacking. The attack on Poly Network may have been similar to the Anyswap exploit, an attack in July that saw $7.9-million stolen when a hacker reversed the private key.

A report from Reuters said that the DeFi sector of cybercrime registered losses of $474-million from January to July of this year.

“Just eight months into 2021 and DeFi hacks, thefts and frauds have already surpassed the total DeFi crimes from 2020,” Dave Jevans, CipherTrace’s chief executive officer, told Reuters. “This means regulators around the globe are paying closer attention to DeFi specifically.”

Many DeFi applications run on the Ethereum blockchain, and the industry is seeing both an expansion and improved security infrastructure. Jevans said that expansion was sure to attract more crime.

“It shouldn’t come as a surprise that as the DeFi ecosystem expands, so are DeFi crimes,” he said.

Newsweek reached out to CipherTrace for additional comment but did not hear back before publication.

 

By Terence Zimwara for Bitcoin.com

According to local media, leading South African financial institution FNB is denying allegations of a banking relationship with the recently collapsed crypto investment company, Africrypt. FNB also insists it did not enable the investment company’s transactions which helped Africrypt’s two directors disappear with billions of dollars in investor funds.

Disappearance of investor funds
The financial institution’s denial comes nearly two months after Africrypt abruptly stopped operating. At that time, the crypto investment firm’s management claimed Africrypt’s trading system had been breached. This breach compromised client accounts, wallets, and nodes, thus forcing Africrypt to freeze all accounts, the directors claimed.

However, shortly after the so-called breach, Africrypt directors Ameer Cajee and his brother Raees Cajee are alleged to have “transferred the crypto investment’s pooled funds from its South African account(s) through bitcoin on the blockchain in April 2021.” South African media reports estimate that as much as $3.6 billion in investor funds cannot be accounted for.

Meanwhile, in his response to a media inquiry, FNB spokesperson Nadiah Maharaj refused to acknowledge the existence of any relationship between FNB and Africypt. According to a media report, Maharaj, who cites client confidentiality restrictions, stated:

FNB once again confirms that it does not have a banking relationship with Africrypt. Due to client confidentiality, FNB cannot provide any information on specific bank accounts.

Use of crypto mixers
An investigation by local media suggests that after successfully siphoning investors’ funds, the Cajee brothers fled to the United Kingdom. These findings are also corroborated by another investigation by Hanekom Attorneys, a law firm that has been retained by victims of the Africrypt fraud. In addition to these findings, the law firm’s investigations further reveal that Africrypt directors had used mixers in an attempt to obfuscate the flow of the funds.

While the case has now been reported to the Hawks (South Africa’s elite police unit), the founder of the law firm, Darren Hanekom, is quoted in the report as suggesting Africrypt’s accounts with FNB have already been “drained” and that “the entirety of investors’ funds” may have been subjected to the mixing service.

 

By Bradley Prior for MyBroadband

HaveIBeenPwned has added a large data breach – involving popular writing website Wattpad – to its database of data breaches.

In June 2020, Wattpad – a website that allows users to publish their own literary content and critique the work of others – suffered a large data breach which exposed almost 270 million user records.

This data was reportedly sold to a private purchaser for $100,000, and has since reportedly been published to a public hacking forum – where it was shared broadly.

The data exposed in this breach includes names, usernames, email addresses, IP addresses, passwords, genders, and birth dates, HaveIBeenPwned said.

According to the post on the hacker website, included in the database are 145 million passwords hashed with bcrypt, and another 44-million hashed with SHA256.

“We are aware of reports that some user data has been accessed without authorisation. We are urgently working to investigate, contain, and remediate the issue with the assistance of external security consultants,” said Wattpad director of PR and communications Kiel Hume.

“From our investigation, to date, we can confirm that no financial information, stories, private messages, or phone numbers were accessed during this incident. Wattpad does not process financial information through our impacted servers, and active Wattpad users’ passwords are salted and cryptographically hashed.”

Hume said Wattpad is committed to maintaining the trust of its users “to ensure the safety and security of the Wattpad community”.

How to check if you are affected

HaveIBeenPwned allows you to check if your data was affected by data breaches including the recent breach of Wattpad.

To do this, users need to navigate to HaveIBeenPwned’s homepage and enter their email address into the search bar.

Check your email address here.

Follow us on social media: 

               

View our magazine archives: 

                       


My Office News Ⓒ 2017 - Designed by A Collective


SUBSCRIBE TO OUR NEWSLETTER
Top