Skip to content

Your Weekly ICS / OT Security News Digest – March 10th

Our research team has put together all of the most relevant news topics in the ICS, IT, Ransomware & OT security fields, as well as their impacts and their expert recommendations:


  1. Title: Access:7 Vulnerabilities Impact SCADA, Medical and IoT Devices
    Description: Seven vulnerabilities, tracked as Access:7, have been found in Parametric Technology Corporation’s (PTC) Axeda agent, used for remote access and management of over 150 connected devices from more than 100 vendors. Three of these flaws can be exploited to achieve remote code execution1.
    Besides healthcare-related technologies, these flaws also affect SCADA systems, asset monitoring technologies, IoT gateways, and more2.
    These are supply chain vulnerabilities, as Access:7 affects a solution sold to device manufacturers that did not develop their remote servicing system.

Attack Parameters: These vulnerabilities can be exploited by command injection, buffer overflow, and directory traversal.
Impact: Up to full compromise (RCE, DoS, sensitive data exposure, configuration modification, and specific services shut down)
SCADAfence Coverage: The SCADAfence Platform detects OS command injection and path traversal.

Recommendations: PTC has released patches for these vulnerabilities3.

  1. Title: TLStorm Vulnerabilities Impact APC Smart-UPS
    Description: Three critical vulnerabilities in smart uninterruptible power supply (UPS) devices, dubbed TLStorm, could allow for remote takeover. APC is a subsidiary of Schneider Electric, one of the leading vendors of UPS devices. UPS devices provide emergency backup power for mission-critical assets that require high availability4.

Attack Parameters: These vulnerabilities can be exploited remotely. Two zero-click vulnerabilities are in the implementation of the TLS protocol that connects the devices to the Schneider Electric management cloud.
Impact: Up to full compromise (information theft, configuration modification, RCE).
This could allow attackers to disrupt business services or cause physical damage by taking down critical infrastructure.
Recommendations: Schneider Electric released patches for these vulnerabilities.

Additional mitigations include:

  1. Deploying access control lists in which the UPS devices are only allowed to communicate with a small set of management devices and the Schneider Electric Cloud via encrypted communication.
  2. Changing the default NMC password and installing a publicly-signed SSL certificate.


  1. Title: Microsoft March Patch Tuesday

Description: Microsoft fixed 71 vulnerabilities, three of these critical, as they allow remote code execution. This Patch Tuesday also included fixes for three zero-day vulnerabilities5.

While these vulnerabilities haven’t been used in attacks, there are public PoC exploits for two of the zero-day vulnerabilities, one of them allowing remote code execution.

The remote code execution flaws which are more likely to be targeted are CVE-2022-23277 (Microsoft Exchange Server), CVE-2022-21990 (Remote Desktop Client), and CVE-2022- 24508 (Windows SMBv3 Client/Server)6.

Attack Parameters: Different for each vulnerability, though many can be exploited remotely. Impact: Up to full compromise (privilege escalation, information disclosure, DoS, RCE) SCADAfence Coverage:

  1. The SCADAfence Platform provides the ability to detect anomalous SMB activity.
  2. The CVEs mentioned above will be added to the Roadmap upon available POCs.

SCADAfence Recommendations:

  1. Microsoft has released patches for these vulnerabilities.
  2. RDP and SMB connections can be tracked with User Activity Analyzer.


  1. Title: Conti Ransomware Operation Leaks
    Description: A Ukrainian researcher leaked messages taken from the Conti and Ryuk ransomware gang’s private chat server. The information in these messages included bitcoin addresses, evading law enforcement, how they conduct their attacks, the source code for the administrative panel, the BazarBackdoor API, screenshots of storage servers, and more. A password-protected archive containing the source code for the Conti ransomware encryptor, decryptor, and builder was leaked as well. While the leaker did not share the password, another researcher cracked it, allowing everyone access to the source code7.

Impact: The source code provides insight into how the malware works. However, the availability of the source code could lead to the attempt of other threat actors to launch their own operations using the leaked code.
It is unclear yet how this data breach will affect Conti’s operation.

  1. Title: Lapsus$ Extortion Group – NVIDIA and Samsung Breaches
    Description: Over the past two weeks, Lapsus$ extortion gang breached two international companies – NVIDIA and Samsung Electronics.
    Lapsus$ gang broke into NVIDIA’s network, stole information and threated to leak it unless the company removes the LHR limitations in the GeForce RTX 30 Series. The gang stole confidential information, the source code of its Deep Learning technology (DLSS), and more8. Employee credentials were leaked and two expired code signing certificates were stolen. These were used to sign malwares and tools, such as Cobalt Strike and Mimikatz9.
    A week later, the gang hit Samsung Electronics and exfiltrated data, including internal company data, the source code related to its Galaxy devices, the source code for trusted applets installed within TrustZone, algorithms for biometric authentication, and confidential data from its chip supplier Qualcomm10.
    Targets: NVIDIA, Samsung Electronics, Qualcomm
    Impact: Part of NVIDIA’s business was offline for two days. In the case of Samsung, the breach could provide a pathway into Samsung devices, rendering them vulnerable11.

SCADAfence Coverage: The SCADAfence Platform detects the use of Cobalt Strike and Mimikatz. Further investigation is pending the publication of additional technical information. Recommendations: Following are additional best practices recommendations:

  1. Make sure secure offline backups of critical systems are available and up-to-date.
  2. Apply the latest security patches on the assets in the network.
  3. Use unique passwords and multi-factor authentication on authentication paths to OT assets.
  4. Encrypt sensitive data when possible.
  5. Educate staff about the risks and methods of ransomware attacks and how to avoid infection.
  1. Title: RagnarLocker Ransomware
    Description: Ragnar Locker ransomware gang has breached the networks of at least 52 organizations from multiple US critical infrastructure sectors12.
    Targets: Entities in the critical manufacturing, energy, financial services, government, and information technology sectors.

Attack Parameters: RagnarLocker frequently change obfuscation techniques to avoid detection and prevention. IOCs associated with RagnarLocker activity include information on attack infrastructure, Bitcoin addresses used to collect ransom demands, and email addresses used by the gang’s operators, were released.
Impact: Unknown due to limited information published.

SCADAfence Coverage: The SCADAfence Platform detects the use of CMD to execute commands and the attempt to stop services, both techniques used by the gang.
Recommendations: The FBI advised against paying a ransom, and encouraged businesses to report any ransomware attacks to help prevent future incidents. An advisory was published providing IOCs that can be used to detect and defend against this ransomware.
Following are additional best practices recommendations:

  1. Make sure secure offline backups of critical systems are available and up-to-date.
  2. Apply the latest security patches on the assets in the network.
  3. Use unique passwords and multi-factor authentication on authentication paths to OT assets.
  4. Encrypt sensitive data when possible.
  5. Educate staff about the risks and methods of ransomware attacks and how to avoid infection.
  1. Title: Toyota Production Affected by Cyberattack
    Description: A system failure at one of Toyota’s suppliers of vital parts, Kojima Industries, caused Toyota to suspend the operation of 28 production lines in 14 plants in Japan13. Although Kojima has not published any official information, the company’s website was offline and Japanese news outlets claimed that the disruption is a result of a cyberattack. This attack could be linked to Japan’s sanctions on Moscow, though there is no confirmation of a Russian connection.
    Attack Parameters: Unknown due to limited information published.

Impact: The expected impact is a 5% drop in Toyota’s monthly production in Japan, which translates to roughly 13,000 units.
Recommendations: Unknown due to limited information published.

Additional Resources:





5, zero-days-critical-bugsmarch-patch-tuesday/178817/



8, remove-mining-cap-or-we-leak-hardware-data/,


10 ,



13 ,

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About SCADAfence
SCADAfence helps companies with large-scale operational technology (OT) networks embrace the benefits of industrial IoT by reducing cyber risks and mitigating operational threats. Our non-intrusive platform provides full coverage of large-scale networks, offering best-in-class detection accuracy, asset discovery and user experience. The platform seamlessly integrates OT security within existing security operations, bridging the IT/OT convergence gap. SCADAfence secures OT networks in manufacturing, building management and critical infrastructure industries. We deliver security and visibility for some of world’s most complex OT networks, including Europe’s largest manufacturing facility. With SCADAfence, companies can operate securely, reliably and efficiently as they go through the digital transformation journey.

Data Loss Prevention, Guide for 2022

Data is the most precious asset a company has, from copyrights and client lists to sensitive information about employees. Most data is now in electronic form. It is created and accessed through software, databases, and other tools, making it vulnerable to loss and theft. 

What You Will Learn:

Let’s start with a real-life experience. When working with an advertising agency, one of my colleagues sent an internal document with all invoices, including prices related to an essential client, to the their account manager’s email address. But unfortunately, instead of choosing the Company/Account she chose the client Company – and the client ended up with a ready-made argument on how to lower their fee. The colleague soon became an ex-colleague, and the client left the agency shortly afterward. 
Even though this scenario may seem like an exaggeration, these kind of mistakes happen in every company. Furthermore, they are compounded by malicious intent, such as a disgruntled employee stealing a client’s database to sell to acompetitor, or a contractor downloading a list of every transaction made. 

What is Data loss prevention? How to take care of your data security  

Data loss prevention (DLP) is simply a process of securing your sensitive data from being lost, accessed by unauthorized persons, or misused. This process usually uses a tool, such as DLP software and platform, to classify data and determine what to protect, and actual protection of that data by implementing/enforcing security policies.

This approach is not only in the company’s business interest, but also legally required by regulations such as GDPR, HIPAA and PCI-DSS. And of course, this process needs to be embedded into company processes and data handling. Every company to some extent, needs to resolve the following issues:  

  • The protection of intellectual property and trade secrets is vital for your organization’s financial results and your brand reputation. 
  • Regulatory compliance to ensure the compliance with information protection security acts, to detect and prevent regulatory violation.
  • Insight into your organization effectivity to optimize internal processes and resources, such as hardware or software use. 

The Main Components of DLP: A short glossary 

Let’s take a look at DLP and what you need to take into account when setting up this process. This will come in handy when discussing the uses and advantages of specific data loss prevention software. 
The most important asset is data. 

  • Data at rest: data stored in archives and databases that is not actively accessed or processed. 
  • Data at motion:  data in transit or in flight that is moved from one location to another, i.e., by copying or downloading. This transfer may happen within an organization network or outside it. Both types need to be protected and are most vulnerable to attack or threat. 
  • Data in use: active data that is currently being read, processed, updated or deleted by the system. 

Data loss prevention software protects this data against some types of data incidents. These incidents may vary according to their intentionality (from mistakes to thefts) and with different levels of severity and extent. 

  • Data loss: event that results in data being deleted, corrupted, or made unavailable  
  • Data leakage/data leaks: unauthorised transmission of data 
  • Data breach: intentional or unintentional release of sensitive information 

Even though the actual name “data loss prevention” implies that it prevents data loss, most software protects against data leakage and, in some scenarios, against data breaches. The term “data loss prevention” is used so widely, and has been for such a long time, it will probably remain the preferred way to describe a solution that makes it difficult for sensitive data to be leaked or misused outside a company. 
These data issues can happen at endpoints, like on devices such as computers, mobile phones, tablets, or printers and USBs, or on shared folders, NAS, or servers. Endpoint security is a critical part of data protection in times of hybrid work and BYOD. 

The most critical process is determining the value of data, since not all data was created equal.

It is important to consider the following when determining the value of data:

  • Data identification and classification simply means discovering where the data is and if it needs to be protected, and to what extent. This process may be manual, using rules and metadata, or semi-automatic using content & context classification and end-user classification. In the future, AI and ML could theoretically enable fully automated classification (but should still be subject to human control). Data classification is done using content and context. 
  • Content of the data: if a document contains credit card numbers or hospital patient information, it would be worth preventing it from being sent to persons outside the company or even unauthorized persons within an institution. 
  • Context of the data: where and when the information was created, where was it stored, and how it was changed.
  • And finally, with all these components in place, you may be able to detect data leaks and/or prevent them. Detection means having the information after the fact (such as an alert that an employee sent a sensitive file outside the company). In contrast, prevention means making sure a leak doesn’t happen (e.g., when attempting to upload a file to the internet, the upload is blocked).    

Data loss is caused by internal and external actors. 

“Next time we run a company, no employees.” Chief data security officers would agree, since around half (from 40% to 60%, according to different sources) of data breaches are internal. They come from employees, contractors, and other actors connected to the company. What are the most common scenarios? 

Mistakes: sharing sensitive data outside a company can happen in a blink: replying to all or sending to the wrong person. This unintentional or negligent data exposure constitutes the majority of data leaks. 

Intentional disclosure of the information: an internal actor, such as an employee or a contractor, moves sensitive data outside the organization for their own benefit. 

Use of incorrect software or process: uploading a client’s file on a public repository, or using a public computer or wifi areexamples of another common problem. “Shadow IT”, i.e., the use of unauthorized software and services, may be improved through employee training, but data loss prevention software can systematically solve this issue, like blocking data transfers to those services. 

Theft or loss of devices: hybrid work results in the increased portability of company devices and therefore more occasions for loss or theft. You may remember the Secret service agent’s stolen laptop that contained Hillary Clinton’s emails. Or read our article about the risks of external devices.

Data loss prevention software: why and how to choose   

DLP software identifies, detects, and protects an organization’s sensitive data, whether they are at rest, in motion or in use on its different endpoints.

The main advantages of data loss prevention software are protecting a company’s reputation and upholding its business value by detecting or preventing data leaks. In the first case, it lets you take appropriate measures and mitigate incidents; in the second, it prevents incidents from even happening. In the wrong email address example, detection could mean determining that a sensitive document was sent to an unauthorised address; prevention would be not allowing the employee to send the material at all.

Another long-term benefit of these solutions is employee education. Because they are warned or notified of unauthorized data-related operations, they learn and internalize the correct way to manage sensitive. As demonstrated, the weakest link of every security solution is human. By educating employees, contractors, and other internal actors, a company can improve its data security in the long run. Some DLP platforms incorporate this already: a user can upload a sensitive file by justifying the action, knowing that everything is logged. 

How to choose a DLP solution? First, you need to determine what legal frameworks apply to your company and what main scenarios you want to protect: audit and monitor your data, protect your data against insider threat or audit your company’s use of resources.  

Questions to ask potential vendors

  • Does it cover the security scenarios of your organization?  
  • Is it sufficient for the size and complexity of your organization?  

Your ideal vendor should work with you during each step to help you determine the extent of the solution you need, starting with a data management audit. Implementing data loss prevention does not stop with the choice of vendor and setting up the software. Even though it is usually the IT department who runs this initiative, all employees should be aware of the process and educated about the use of the selected software and correct data-related behavior.
While the end-user of DLP software is often a single technician, the information gathered offers essential information concerning company-wide issues, such as the rise in data incidents, a sudden surge of insider threat, or sub-optimal use of company resources.
If you want your platform not only to deliver protection and prevention when it comes to data security but also offer you valuable insights, incorporate them into your reporting stack and make it part of your data-driven management. 

Your data is your most important asset – protect it accordingly.  

Data loss prevention software helps not only protect company sensitive data against insider threat and loss but also helps to future-proof your organization when it comes to business continuity, reputation, and knowledge management. It is an important part of data-driven decision-making, helping you prevent or resolve data-related incidents and educate employees about the necessity of treating data as the most critical business asset.
Choosing and implementing DLP software are integral parts of a company-wide initiative for general data management and protection. Just as it is normal for a company to protect its data against external attacks by using antimalware and firewalls, antimalware, and secure web gateways, it should also be natural to use DLP software to protect the data against loss and insider threat.

Why Safetica

Learn how can Safetica meet company sensitive data protection and operation audit goals.

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Safetica
Safetica is to provide small and mid-sized companies with the same quality data protection that corporations have – affordably, and without any additional IT administration or disruptions in operation.

Awingu vs. Apache Guacamole

Comparing Apache Guacamole & Awingu

Awingu has a built-in RDP to HTML5 gateway. No wonder that we get compared to Apache Guacamole from time to time. In this blog we’ll have a look at what Guacamole is and how it compares to Awingu.

Apache Guacamole is a client-less remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH. It is client-less in the sense that it delivers apps (or desktops) in HTML5 when Guacamole is installed on the back-end. Apache Guacamole is a free and open-source platform that is maintained by the Apache community.

As a free open-source tool, it got a nice basis of fans; from home-users to businesses to software companies. The latter embed Guacamole in their products (VPN and firewall vendors for example; even if most of them will be secretive about it).

How can they be compared exactly?

Awingu does not rely on Apache Guacamole

For starters, lets be clear about this: Awingu does not use (build on, rely on, ) Apache Guacamole. Awingu uses its own proprietary HTML5 gateway. I frequently hear the false claim that Awingu used Guacamole… and while this is true for a number of competitors in our space, it is certainly not for Awingu.

Awingu is a commercial product

Secondly, Awingu is a commercial product with a commercial organization around it. So this means we have extensive product documentation, technical support, technical trainings, commercial models for channel partners, contractual obligations, etc. That obviously means we sell our product and don’t offer it for free. I guess that’s the first big difference. Who will you call when you have a problem? What happens when there are security vulnerabilities identified? And so on.

This also extends into the organization behind Awingu. We are a very security and compliance focused organization, e.g. we are ISO27001 certified. I need of course to be very cautious as there is no such thing as absolute security: we continuously get pen-tested (by customers, internally and by neutral third parties) and always pass the bar, moreover our roadmap is very security / Zero Trust focused (with capabilities such as MFA, SSL, context awareness, usage audit, …). Apache Guacamole has been hit by a pretty severe vulnerability in July 2020. Since then, 5 other CVEs (Common Vulnerabilities and exposures) have been identified (and fixed!)

Furthermore, it means that we not only have a wide channel ecosystem with trained and certified engineers that covers big parts of the globe; but also that we have a set of tested technology partnerships (e.g. BlackBerry, OpsWat, IdenProtect, …) that extend and  complement the Awingu perimeter.

Differences on technology level

Thirdly, if we take a look at the technology perspective there are also some obvious (and less obvious) differences. Awingu was built with the idea that it should be simple to deploy and work with, for Windows or Linux admins. I think its not a false statement to claim Guacamole has most fans in the Linux and open-source communities.

Now, let’s take a deeper look in the architecture and features (this will not be an exhaustive list, but I try to list the main differences):

Some similarities:

  • HTML5 gateway & Protocols supported: Guacamole supports SSH, VNC and RDP. From that list, Awingu supports RDP. However, Awingu also supports WebDAV as well as CiFS and further Awingu’s built-in reverse proxy supports web applications.
  • Similar(ish) features for published applications:
    • HMTL5 access (browser-based access)
    • Virtual keyboard
    • Virtual (pdf) printer
    • Session sharing and session recording
    • MFA TOTP built-in, incl. support for RADIUS
  • Also similar to Awingu, Guacamole is not built to render highly graphical applications (e.g. 3D rendering), video or run video/voice calls

… and some differences:

  • File server access:
    • Awingu includes access to file servers via WebDAV or CIFS via the Awingu ‘files’ section. Files can be opened from Awingu ‘files’ with associated published applications
    • Via Awingu files, one can also ‘share’ files (large or small) similar to the functioning of WeTransfer (with the exception that you don’t need to upload your file(s) into a 3rd party cloud)
  • Awingu comes with a built-in Reverse proxy to enable access to (internal) web applications without the need for RDP (nor RDS CALs)
  • UX:
    • I’m too biased to judge on the intuitiveness and look and feel of the workspace front-end. I’m not going to comment on it 😊



    • Multi-monitor capabilities in Awingu are better developed with multiple options (more on this feature)
  • Smartcard support (in-app usage): Awingu can support the use of smartcard (e.g. eID card) within applications (e.g. reading an eID card info) with the support of its RAH (Remote Application Helper). The RAH is the only exception in Awingu’s HTML5 centric story. The RAH is an agent that needs to be installed on the local computer (Windows, MacOS or Linux). Guacamole does not support in-app usage.
  • Security & compliance: Awingu also comes with…
    • built-in Context Awareness capabilities (e.g. based on location or IP address as context)
    • built-in usage audit and anomaly detection (which can be hooked-up into a SIEM)
    • Single Sign-On (SSO) capabilities over SAML or OpenID Connect without vaulting passwords in the Awingu appliance. Guacamole does support SSO, but leverages password caching. We believe the Awingu setup is more secure.
    • SSL encryption built-in
  • Also, from an architecture perspective there are differences:
    • Awingu is delivered as a virtual appliance, while Guacamole requires installing multiple services (or multiple docker containers which require to be linked). We believe the virtual appliance does not only offer significant benefits in speed of deployment but especially stands out in simplicity.
    • Inside the Guacamole Server, Guacamole will behave different than Awingu as it leverages in an internal translation protocol (RDP Guacamole protocol HTML5) while Awingu does not. This makes Awingu a more resource optimized HTML5 gateway (but obviously, Awingu runs a lot of other services on the same virtual appliance).
    • Awingu can enable HA (High Availability). In a multi-node deployment, Awingu can fail-over between nodes when issues arise.
    • Awingu comes with out-of-the-box multi-tenancy.


So, Guacamole vs. Awingu? A lot of similarities, but even more differences. This blog post is based on our knowledge of Guacamole – which might not be complete, we don’t pretend to be Guacamole experts – and takes a deeper look into those elements that we hear our customers mostly talk about.

Speaking of those Awingu customers, could be interesting to know that they are typically part of these following groups:

  • Organizations (public or private) that enable:
    • Work from Home
    • Contractor Access
    • Secure intra-network access
  • Cloud/managed service providers that offer their customers a digital workspace
  • ISVs (making legacy applications available in the browser, just like SaaS)

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Awingu
Awingu produces a browser-based Unified Workspace solution. It allows users to work and collaborate from virtually anywhere using any device compatible with HTML5 browsers. As a turnkey solution, Awingu offers businesses the ease and convenience of platform-independent mobility and offers everything you need to stay productive: legacy and cloud applications, documents and data. Awingu requires zero configuration and zero client software installation, making IT administration extremely simple.

About Ceeyu
Ceeyu provides a cloud-based analysis of a company’s digital presence, outside-in. This posture analysis displays all IT assets visible to any internet user, including malicious ones applying a similar analysis to gather intelligence to determine their attack paths. Ceeyu aims to quickly expand its intelligence gathering, support to standardize the results and automate the analysis to minimize its cost and provide continuously near real-time posture analysis.

About Toreon
Toreon is the largest Flemish originated cybersecurity expert services company. Grown from a team of specialized professionals, the company expanded rapidly organically. Toreon analyses the cybersecurity posture from the inside-out. A cybersecurity analysis can quickly require between 100 and 200 different scans that need to be executed, resulting in information that requires analysis. To optimize its services to its customers, but also to optimize the internal expert resources, Toreon has started to automate these analyses, but aims to further expand this process automation and by adding automated intelligence.

About VUB Labs
The VUB Software Languages Lab and the VUB Artificial Intelligence Lab are both innovative engineering departments from one of the leading Flemish universities in Belgium. Both have a long-standing scientific and industry-supporting background. Their expertise from the domain of applying AI-based automation and fuzzing technologies will be supporting the technology companies throughout the two-year project.

About LSEC
LSEC, an industry association that celebrates its 20th anniversary in 2022 will be focusing on the standardization work for automated postures, in relation to third party risk management analysis and relaying to developing industry standards in the US and EU. For more information, please contact Ulrich Seldeslachts, MD LSEC, Sebastien Deleersnyder, CTO Toreon, or any of the industry and scientific partners.



Click one of our contacts below to chat on WhatsApp