"}},"tagFollowsForNodes({\"nodeIds\":\"board:security-insights\",\"tagText\":\"F5 SIRT\"})":[{"__typename":"TagFollowForNodeResponse","coreNode":{"__ref":"Tkb:board:security-insights"},"follow":null}],"component({\"componentId\":\"custom.widget.Consent_Blackbar\"})":{"__typename":"Component","render({\"context\":{\"component\":{\"entities\":[],\"props\":{}},\"page\":{\"entities\":[],\"name\":\"TagPage\",\"props\":{},\"url\":\"https://community.f5.com\"}}})":{"__typename":"ComponentRenderResult","html":""}},"component({\"componentId\":\"custom.widget.Beta_MetaNav\"})":{"__typename":"Component","render({\"context\":{\"component\":{\"entities\":[],\"props\":{}},\"page\":{\"entities\":[],\"name\":\"TagPage\",\"props\":{},\"url\":\"https://community.f5.com\"}}})":{"__typename":"ComponentRenderResult","html":" "}},"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/community/NavbarDropdownToggle\"]})":[{"__ref":"CachedAsset:text:en_US-components/community/NavbarDropdownToggle-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/common/OverflowNav\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/common/OverflowNav-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageView/MessageViewInline\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageView/MessageViewInline-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/common/Pager/PagerLoadMore\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/common/Pager/PagerLoadMore-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/users/UserLink\"]})":[{"__ref":"CachedAsset:text:en_US-components/users/UserLink-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageSubject\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageSubject-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageTime\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageTime-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/nodes/NodeIcon\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/nodes/NodeIcon-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageUnreadCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageUnreadCount-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageViewCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageViewCount-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/kudos/KudosCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/kudos/KudosCount-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageRepliesCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageRepliesCount-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageBody\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageBody-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/users/UserAvatar\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/users/UserAvatar-1728320186000"}]},"CachedAsset:pages-1737540121075":{"__typename":"CachedAsset","id":"pages-1737540121075","value":[{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"BlogViewAllPostsPage","type":"BLOG","urlPath":"/category/:categoryId/blog/:boardId/all-posts/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"CasePortalPage","type":"CASE_PORTAL","urlPath":"/caseportal","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"CreateGroupHubPage","type":"GROUP_HUB","urlPath":"/groups/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"CaseViewPage","type":"CASE_DETAILS","urlPath":"/case/:caseId/:caseNumber","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"InboxPage","type":"COMMUNITY","urlPath":"/inbox","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"HelpFAQPage","type":"COMMUNITY","urlPath":"/help","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"IdeaMessagePage","type":"IDEA_POST","urlPath":"/idea/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"IdeaViewAllIdeasPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId/all-ideas/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"LoginPage","type":"USER","urlPath":"/signin","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"BlogPostPage","type":"BLOG","urlPath":"/category/:categoryId/blogs/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"ThemeEditorPage","type":"COMMUNITY","urlPath":"/designer/themes","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"TkbViewAllArticlesPage","type":"TKB","urlPath":"/category/:categoryId/kb/:boardId/all-articles/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"OccasionEditPage","type":"EVENT","urlPath":"/event/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"OAuthAuthorizationAllowPage","type":"USER","urlPath":"/auth/authorize/allow","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"PageEditorPage","type":"COMMUNITY","urlPath":"/designer/pages","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"PostPage","type":"COMMUNITY","urlPath":"/category/:categoryId/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"ForumBoardPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"TkbBoardPage","type":"TKB","urlPath":"/category/:categoryId/kb/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"EventPostPage","type":"EVENT","urlPath":"/category/:categoryId/events/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"UserBadgesPage","type":"COMMUNITY","urlPath":"/users/:login/:userId/badges","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"GroupHubMembershipAction","type":"GROUP_HUB","urlPath":"/membership/join/:nodeId/:membershipType","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"IdeaReplyPage","type":"IDEA_REPLY","urlPath":"/idea/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"UserSettingsPage","type":"USER","urlPath":"/mysettings/:userSettingsTab","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"GroupHubsPage","type":"GROUP_HUB","urlPath":"/groups","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"ForumPostPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"OccasionRsvpActionPage","type":"OCCASION","urlPath":"/event/:boardId/:messageSubject/:messageId/rsvp/:responseType","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"VerifyUserEmailPage","type":"USER","urlPath":"/verifyemail/:userId/:verifyEmailToken","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"AllOccasionsPage","type":"OCCASION","urlPath":"/category/:categoryId/events/:boardId/all-events/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"EventBoardPage","type":"EVENT","urlPath":"/category/:categoryId/events/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"TkbReplyPage","type":"TKB_REPLY","urlPath":"/kb/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"IdeaBoardPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"CommunityGuideLinesPage","type":"COMMUNITY","urlPath":"/communityguidelines","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"CaseCreatePage","type":"SALESFORCE_CASE_CREATION","urlPath":"/caseportal/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"TkbEditPage","type":"TKB","urlPath":"/kb/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"ForgotPasswordPage","type":"USER","urlPath":"/forgotpassword","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"IdeaEditPage","type":"IDEA","urlPath":"/idea/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"TagPage","type":"COMMUNITY","urlPath":"/tag/:tagName","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"BlogBoardPage","type":"BLOG","urlPath":"/category/:categoryId/blog/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"OccasionMessagePage","type":"OCCASION_TOPIC","urlPath":"/event/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"ManageContentPage","type":"COMMUNITY","urlPath":"/managecontent","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"ClosedMembershipNodeNonMembersPage","type":"GROUP_HUB","urlPath":"/closedgroup/:groupHubId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"CommunityPage","type":"COMMUNITY","urlPath":"/","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"ForumMessagePage","type":"FORUM_TOPIC","urlPath":"/discussions/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"IdeaPostPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"BlogMessagePage","type":"BLOG_ARTICLE","urlPath":"/blog/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"RegistrationPage","type":"USER","urlPath":"/register","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"EditGroupHubPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"ForumEditPage","type":"FORUM","urlPath":"/discussions/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"ResetPasswordPage","type":"USER","urlPath":"/resetpassword/:userId/:resetPasswordToken","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"TkbMessagePage","type":"TKB_ARTICLE","urlPath":"/kb/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"BlogEditPage","type":"BLOG","urlPath":"/blog/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"ManageUsersPage","type":"USER","urlPath":"/users/manage/:tab?/:manageUsersTab?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"ForumReplyPage","type":"FORUM_REPLY","urlPath":"/discussions/:boardId/:messageSubject/:messageId/replies/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"PrivacyPolicyPage","type":"COMMUNITY","urlPath":"/privacypolicy","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"NotificationPage","type":"COMMUNITY","urlPath":"/notifications","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"UserPage","type":"USER","urlPath":"/users/:login/:userId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"OccasionReplyPage","type":"OCCASION_REPLY","urlPath":"/event/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"ManageMembersPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/manage/:tab?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"SearchResultsPage","type":"COMMUNITY","urlPath":"/search","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"BlogReplyPage","type":"BLOG_REPLY","urlPath":"/blog/:boardId/:messageSubject/:messageId/replies/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"GroupHubPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"TermsOfServicePage","type":"COMMUNITY","urlPath":"/termsofservice","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"CategoryPage","type":"CATEGORY","urlPath":"/category/:categoryId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"ForumViewAllTopicsPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId/all-topics/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"TkbPostPage","type":"TKB","urlPath":"/category/:categoryId/kbs/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737540121075,"localOverride":null,"page":{"id":"GroupHubPostPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"}],"localOverride":false},"CachedAsset:text:en_US-components/context/AppContext/AppContextProvider-0":{"__typename":"CachedAsset","id":"text:en_US-components/context/AppContext/AppContextProvider-0","value":{"noCommunity":"Cannot find community","noUser":"Cannot find current user","noNode":"Cannot find node with id {nodeId}","noMessage":"Cannot find message with id {messageId}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Loading/LoadingDot-0":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Loading/LoadingDot-0","value":{"title":"Loading..."},"localOverride":false},"User:user:-1":{"__typename":"User","id":"user:-1","uid":-1,"login":"Former Member","email":"","avatar":null,"rank":null,"kudosWeight":1,"registrationData":{"__typename":"RegistrationData","status":"ANONYMOUS","registrationTime":null,"confirmEmailStatus":false,"registrationAccessLevel":"VIEW","ssoRegistrationFields":[]},"ssoId":null,"profileSettings":{"__typename":"ProfileSettings","dateDisplayStyle":{"__typename":"InheritableStringSettingWithPossibleValues","key":"layout.friendly_dates_enabled","value":"false","localValue":"true","possibleValues":["true","false"]},"dateDisplayFormat":{"__typename":"InheritableStringSetting","key":"layout.format_pattern_date","value":"dd-MMM-yyyy","localValue":"MM-dd-yyyy"},"language":{"__typename":"InheritableStringSettingWithPossibleValues","key":"profile.language","value":"en-US","localValue":"en","possibleValues":["en-US"]}},"deleted":false},"Theme:customTheme1":{"__typename":"Theme","id":"customTheme1"},"CachedAsset:theme:customTheme1-1737540120588":{"__typename":"CachedAsset","id":"theme:customTheme1-1737540120588","value":{"id":"customTheme1","animation":{"fast":"150ms","normal":"250ms","slow":"500ms","slowest":"750ms","function":"cubic-bezier(0.07, 0.91, 0.51, 1)","__typename":"AnimationThemeSettings"},"avatar":{"borderRadius":"50%","collections":["custom"],"__typename":"AvatarThemeSettings"},"basics":{"browserIcon":{"imageAssetName":"JimmyPackets-512-1702592938213.png","imageLastModified":"1702592945815","__typename":"ThemeAsset"},"customerLogo":{"imageAssetName":"f5_logo_fix-1704824537976.svg","imageLastModified":"1704824540697","__typename":"ThemeAsset"},"maximumWidthOfPageContent":"1600px","oneColumnNarrowWidth":"800px","gridGutterWidthMd":"30px","gridGutterWidthXs":"10px","pageWidthStyle":"WIDTH_OF_PAGE_CONTENT","__typename":"BasicsThemeSettings"},"buttons":{"borderRadiusSm":"5px","borderRadius":"5px","borderRadiusLg":"5px","paddingY":"5px","paddingYLg":"7px","paddingYHero":"var(--lia-bs-btn-padding-y-lg)","paddingX":"12px","paddingXLg":"14px","paddingXHero":"42px","fontStyle":"NORMAL","fontWeight":"400","textTransform":"NONE","disabledOpacity":0.5,"primaryTextColor":"var(--lia-bs-white)","primaryTextHoverColor":"var(--lia-bs-white)","primaryTextActiveColor":"var(--lia-bs-white)","primaryBgColor":"var(--lia-bs-primary)","primaryBgHoverColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) * 0.85))","primaryBgActiveColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) * 0.7))","primaryBorder":"1px solid transparent","primaryBorderHover":"1px solid transparent","primaryBorderActive":"1px solid transparent","primaryBorderFocus":"1px solid var(--lia-bs-white)","primaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","secondaryTextColor":"var(--lia-bs-gray-900)","secondaryTextHoverColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.95))","secondaryTextActiveColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.9))","secondaryBgColor":"var(--lia-bs-gray-400)","secondaryBgHoverColor":"hsl(var(--lia-bs-gray-400-h), var(--lia-bs-gray-400-s), calc(var(--lia-bs-gray-400-l) * 0.96))","secondaryBgActiveColor":"hsl(var(--lia-bs-gray-400-h), var(--lia-bs-gray-400-s), calc(var(--lia-bs-gray-400-l) * 0.92))","secondaryBorder":"1px solid transparent","secondaryBorderHover":"1px solid transparent","secondaryBorderActive":"1px solid transparent","secondaryBorderFocus":"1px solid transparent","secondaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","tertiaryTextColor":"var(--lia-bs-gray-900)","tertiaryTextHoverColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.95))","tertiaryTextActiveColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.9))","tertiaryBgColor":"transparent","tertiaryBgHoverColor":"transparent","tertiaryBgActiveColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.04)","tertiaryBorder":"1px solid transparent","tertiaryBorderHover":"1px solid hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","tertiaryBorderActive":"1px solid transparent","tertiaryBorderFocus":"1px solid transparent","tertiaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","destructiveTextColor":"var(--lia-bs-danger)","destructiveTextHoverColor":"hsl(var(--lia-bs-danger-h), var(--lia-bs-danger-s), calc(var(--lia-bs-danger-l) * 0.95))","destructiveTextActiveColor":"hsl(var(--lia-bs-danger-h), var(--lia-bs-danger-s), calc(var(--lia-bs-danger-l) * 0.9))","destructiveBgColor":"var(--lia-bs-gray-300)","destructiveBgHoverColor":"hsl(var(--lia-bs-gray-300-h), var(--lia-bs-gray-300-s), calc(var(--lia-bs-gray-300-l) * 0.96))","destructiveBgActiveColor":"hsl(var(--lia-bs-gray-300-h), var(--lia-bs-gray-300-s), calc(var(--lia-bs-gray-300-l) * 0.92))","destructiveBorder":"1px solid transparent","destructiveBorderHover":"1px solid transparent","destructiveBorderActive":"1px solid transparent","destructiveBorderFocus":"1px solid transparent","destructiveBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","__typename":"ButtonsThemeSettings"},"border":{"color":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","mainContent":"NONE","sideContent":"NONE","radiusSm":"3px","radius":"5px","radiusLg":"9px","radius50":"100vw","__typename":"BorderThemeSettings"},"boxShadow":{"xs":"0 0 0 1px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.08), 0 3px 0 -1px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.08)","sm":"0 2px 4px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.06)","md":"0 5px 15px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.15)","lg":"0 10px 30px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.15)","__typename":"BoxShadowThemeSettings"},"cards":{"bgColor":"var(--lia-panel-bg-color)","borderRadius":"var(--lia-panel-border-radius)","boxShadow":"var(--lia-box-shadow-xs)","__typename":"CardsThemeSettings"},"chip":{"maxWidth":"300px","height":"30px","__typename":"ChipThemeSettings"},"coreTypes":{"defaultMessageLinkColor":"var(--lia-bs-primary)","defaultMessageLinkDecoration":"none","defaultMessageLinkFontStyle":"NORMAL","defaultMessageLinkFontWeight":"400","defaultMessageFontStyle":"NORMAL","defaultMessageFontWeight":"400","forumColor":"#0C5C8D","forumFontFamily":"var(--lia-bs-font-family-base)","forumFontWeight":"var(--lia-default-message-font-weight)","forumLineHeight":"var(--lia-bs-line-height-base)","forumFontStyle":"var(--lia-default-message-font-style)","forumMessageLinkColor":"var(--lia-default-message-link-color)","forumMessageLinkDecoration":"var(--lia-default-message-link-decoration)","forumMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","forumMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","forumSolvedColor":"#62C026","blogColor":"#730015","blogFontFamily":"var(--lia-bs-font-family-base)","blogFontWeight":"var(--lia-default-message-font-weight)","blogLineHeight":"1.75","blogFontStyle":"var(--lia-default-message-font-style)","blogMessageLinkColor":"var(--lia-default-message-link-color)","blogMessageLinkDecoration":"var(--lia-default-message-link-decoration)","blogMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","blogMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","tkbColor":"#C20025","tkbFontFamily":"var(--lia-bs-font-family-base)","tkbFontWeight":"var(--lia-default-message-font-weight)","tkbLineHeight":"1.75","tkbFontStyle":"var(--lia-default-message-font-style)","tkbMessageLinkColor":"var(--lia-default-message-link-color)","tkbMessageLinkDecoration":"var(--lia-default-message-link-decoration)","tkbMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","tkbMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","qandaColor":"#4099E2","qandaFontFamily":"var(--lia-bs-font-family-base)","qandaFontWeight":"var(--lia-default-message-font-weight)","qandaLineHeight":"var(--lia-bs-line-height-base)","qandaFontStyle":"var(--lia-default-message-link-font-style)","qandaMessageLinkColor":"var(--lia-default-message-link-color)","qandaMessageLinkDecoration":"var(--lia-default-message-link-decoration)","qandaMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","qandaMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","qandaSolvedColor":"#3FA023","ideaColor":"#F3704B","ideaFontFamily":"var(--lia-bs-font-family-base)","ideaFontWeight":"var(--lia-default-message-font-weight)","ideaLineHeight":"var(--lia-bs-line-height-base)","ideaFontStyle":"var(--lia-default-message-font-style)","ideaMessageLinkColor":"var(--lia-default-message-link-color)","ideaMessageLinkDecoration":"var(--lia-default-message-link-decoration)","ideaMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","ideaMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","contestColor":"#FCC845","contestFontFamily":"var(--lia-bs-font-family-base)","contestFontWeight":"var(--lia-default-message-font-weight)","contestLineHeight":"var(--lia-bs-line-height-base)","contestFontStyle":"var(--lia-default-message-link-font-style)","contestMessageLinkColor":"var(--lia-default-message-link-color)","contestMessageLinkDecoration":"var(--lia-default-message-link-decoration)","contestMessageLinkFontStyle":"ITALIC","contestMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","occasionColor":"#EE4B5B","occasionFontFamily":"var(--lia-bs-font-family-base)","occasionFontWeight":"var(--lia-default-message-font-weight)","occasionLineHeight":"var(--lia-bs-line-height-base)","occasionFontStyle":"var(--lia-default-message-font-style)","occasionMessageLinkColor":"var(--lia-default-message-link-color)","occasionMessageLinkDecoration":"var(--lia-default-message-link-decoration)","occasionMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","occasionMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","grouphubColor":"#491B62","categoryColor":"#949494","communityColor":"#FFFFFF","productColor":"#949494","__typename":"CoreTypesThemeSettings"},"colors":{"black":"#000000","white":"#FFFFFF","gray100":"#F7F7F7","gray200":"#F7F7F7","gray300":"#E8E8E8","gray400":"#D9D9D9","gray500":"#CCCCCC","gray600":"#949494","gray700":"#707070","gray800":"#545454","gray900":"#333333","dark":"#545454","light":"#F7F7F7","primary":"#0C5C8D","secondary":"#333333","bodyText":"#222222","bodyBg":"#F5F5F5","info":"#1D9CD3","success":"#62C026","warning":"#FFD651","danger":"#C20025","alertSystem":"#FF6600","textMuted":"#707070","highlight":"#FFFCAD","outline":"var(--lia-bs-primary)","custom":["#C20025","#081B85","#009639","#B3C6D7","#7CC0EB","#F29A36"],"__typename":"ColorsThemeSettings"},"divider":{"size":"3px","marginLeft":"4px","marginRight":"4px","borderRadius":"50%","bgColor":"var(--lia-bs-gray-600)","bgColorActive":"var(--lia-bs-gray-600)","__typename":"DividerThemeSettings"},"dropdown":{"fontSize":"var(--lia-bs-font-size-sm)","borderColor":"var(--lia-bs-border-color)","borderRadius":"var(--lia-bs-border-radius-sm)","dividerBg":"var(--lia-bs-gray-300)","itemPaddingY":"5px","itemPaddingX":"20px","headerColor":"var(--lia-bs-gray-700)","__typename":"DropdownThemeSettings"},"email":{"link":{"color":"#0069D4","hoverColor":"#0061c2","decoration":"none","hoverDecoration":"underline","__typename":"EmailLinkSettings"},"border":{"color":"#e4e4e4","__typename":"EmailBorderSettings"},"buttons":{"borderRadiusLg":"5px","paddingXLg":"16px","paddingYLg":"7px","fontWeight":"700","primaryTextColor":"#ffffff","primaryTextHoverColor":"#ffffff","primaryBgColor":"#0069D4","primaryBgHoverColor":"#005cb8","primaryBorder":"1px solid transparent","primaryBorderHover":"1px solid transparent","__typename":"EmailButtonsSettings"},"panel":{"borderRadius":"5px","borderColor":"#e4e4e4","__typename":"EmailPanelSettings"},"__typename":"EmailThemeSettings"},"emoji":{"skinToneDefault":"#ffcd43","skinToneLight":"#fae3c5","skinToneMediumLight":"#e2cfa5","skinToneMedium":"#daa478","skinToneMediumDark":"#a78058","skinToneDark":"#5e4d43","__typename":"EmojiThemeSettings"},"heading":{"color":"var(--lia-bs-body-color)","fontFamily":"Inter","fontStyle":"NORMAL","fontWeight":"600","h1FontSize":"30px","h2FontSize":"25px","h3FontSize":"20px","h4FontSize":"18px","h5FontSize":"16px","h6FontSize":"16px","lineHeight":"1.2","subHeaderFontSize":"11px","subHeaderFontWeight":"500","h1LetterSpacing":"normal","h2LetterSpacing":"normal","h3LetterSpacing":"normal","h4LetterSpacing":"normal","h5LetterSpacing":"normal","h6LetterSpacing":"normal","subHeaderLetterSpacing":"2px","h1FontWeight":null,"h2FontWeight":null,"h3FontWeight":null,"h4FontWeight":null,"h5FontWeight":null,"h6FontWeight":null,"__typename":"HeadingThemeSettings"},"icons":{"size10":"10px","size12":"12px","size14":"14px","size16":"16px","size20":"20px","size24":"24px","size30":"30px","size40":"40px","size50":"50px","size60":"60px","size80":"80px","size120":"120px","size160":"160px","__typename":"IconsThemeSettings"},"imagePreview":{"bgColor":"var(--lia-bs-gray-900)","titleColor":"var(--lia-bs-white)","controlColor":"var(--lia-bs-white)","controlBgColor":"var(--lia-bs-gray-800)","__typename":"ImagePreviewThemeSettings"},"input":{"borderColor":"var(--lia-bs-gray-600)","disabledColor":"var(--lia-bs-gray-600)","focusBorderColor":"var(--lia-bs-primary)","labelMarginBottom":"10px","btnFontSize":"var(--lia-bs-font-size-sm)","focusBoxShadow":"0 0 0 3px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","checkLabelMarginBottom":"2px","checkboxBorderRadius":"3px","borderRadiusSm":"var(--lia-bs-border-radius-sm)","borderRadius":"var(--lia-bs-border-radius)","borderRadiusLg":"var(--lia-bs-border-radius-lg)","formTextMarginTop":"4px","textAreaBorderRadius":"var(--lia-bs-border-radius)","activeFillColor":"var(--lia-bs-primary)","__typename":"InputThemeSettings"},"loading":{"dotDarkColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.2)","dotLightColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l), 0.5)","barDarkColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.06)","barLightColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l), 0.4)","__typename":"LoadingThemeSettings"},"link":{"color":"var(--lia-bs-primary)","hoverColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) - 10%))","decoration":"none","hoverDecoration":"underline","__typename":"LinkThemeSettings"},"listGroup":{"itemPaddingY":"15px","itemPaddingX":"15px","borderColor":"var(--lia-bs-gray-300)","__typename":"ListGroupThemeSettings"},"modal":{"contentTextColor":"var(--lia-bs-body-color)","contentBg":"var(--lia-bs-white)","backgroundBg":"var(--lia-bs-black)","smSize":"440px","mdSize":"760px","lgSize":"1080px","backdropOpacity":0.3,"contentBoxShadowXs":"var(--lia-bs-box-shadow-sm)","contentBoxShadow":"var(--lia-bs-box-shadow)","headerFontWeight":"700","__typename":"ModalThemeSettings"},"navbar":{"position":"FIXED","background":{"attachment":null,"clip":null,"color":"var(--lia-bs-white)","imageAssetName":null,"imageLastModified":"0","origin":null,"position":"CENTER_CENTER","repeat":"NO_REPEAT","size":"COVER","__typename":"BackgroundProps"},"backgroundOpacity":0.8,"paddingTop":"15px","paddingBottom":"15px","borderBottom":"1px solid var(--lia-bs-border-color)","boxShadow":"var(--lia-bs-box-shadow-sm)","brandMarginRight":"30px","brandMarginRightSm":"10px","brandLogoHeight":"30px","linkGap":"10px","linkJustifyContent":"flex-start","linkPaddingY":"5px","linkPaddingX":"10px","linkDropdownPaddingY":"9px","linkDropdownPaddingX":"var(--lia-nav-link-px)","linkColor":"var(--lia-bs-body-color)","linkHoverColor":"var(--lia-bs-primary)","linkFontSize":"var(--lia-bs-font-size-sm)","linkFontStyle":"NORMAL","linkFontWeight":"400","linkTextTransform":"NONE","linkLetterSpacing":"normal","linkBorderRadius":"var(--lia-bs-border-radius-sm)","linkBgColor":"transparent","linkBgHoverColor":"transparent","linkBorder":"none","linkBorderHover":"none","linkBoxShadow":"none","linkBoxShadowHover":"none","linkTextBorderBottom":"none","linkTextBorderBottomHover":"none","dropdownPaddingTop":"10px","dropdownPaddingBottom":"15px","dropdownPaddingX":"10px","dropdownMenuOffset":"2px","dropdownDividerMarginTop":"10px","dropdownDividerMarginBottom":"10px","dropdownBorderColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","controllerBgHoverColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.1)","controllerIconColor":"var(--lia-bs-body-color)","controllerIconHoverColor":"var(--lia-bs-body-color)","controllerTextColor":"var(--lia-nav-controller-icon-color)","controllerTextHoverColor":"var(--lia-nav-controller-icon-hover-color)","controllerHighlightColor":"hsla(30, 100%, 50%)","controllerHighlightTextColor":"var(--lia-yiq-light)","controllerBorderRadius":"var(--lia-border-radius-50)","hamburgerColor":"var(--lia-nav-controller-icon-color)","hamburgerHoverColor":"var(--lia-nav-controller-icon-color)","hamburgerBgColor":"transparent","hamburgerBgHoverColor":"transparent","hamburgerBorder":"none","hamburgerBorderHover":"none","collapseMenuMarginLeft":"20px","collapseMenuDividerBg":"var(--lia-nav-link-color)","collapseMenuDividerOpacity":0.16,"__typename":"NavbarThemeSettings"},"pager":{"textColor":"var(--lia-bs-link-color)","textFontWeight":"var(--lia-font-weight-md)","textFontSize":"var(--lia-bs-font-size-sm)","__typename":"PagerThemeSettings"},"panel":{"bgColor":"var(--lia-bs-white)","borderRadius":"var(--lia-bs-border-radius)","borderColor":"var(--lia-bs-border-color)","boxShadow":"none","__typename":"PanelThemeSettings"},"popover":{"arrowHeight":"8px","arrowWidth":"16px","maxWidth":"300px","minWidth":"100px","headerBg":"var(--lia-bs-white)","borderColor":"var(--lia-bs-border-color)","borderRadius":"var(--lia-bs-border-radius)","boxShadow":"0 0.5rem 1rem hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.15)","__typename":"PopoverThemeSettings"},"prism":{"color":"#000000","bgColor":"#f5f2f0","fontFamily":"var(--font-family-monospace)","fontSize":"var(--lia-bs-font-size-base)","fontWeightBold":"var(--lia-bs-font-weight-bold)","fontStyleItalic":"italic","tabSize":2,"highlightColor":"#b3d4fc","commentColor":"#62707e","punctuationColor":"#6f6f6f","namespaceOpacity":"0.7","propColor":"#990055","selectorColor":"#517a00","operatorColor":"#906736","operatorBgColor":"hsla(0, 0%, 100%, 0.5)","keywordColor":"#0076a9","functionColor":"#d3284b","variableColor":"#c14700","__typename":"PrismThemeSettings"},"rte":{"bgColor":"var(--lia-bs-white)","borderRadius":"var(--lia-panel-border-radius)","boxShadow":" var(--lia-panel-box-shadow)","customColor1":"#bfedd2","customColor2":"#fbeeb8","customColor3":"#f8cac6","customColor4":"#eccafa","customColor5":"#c2e0f4","customColor6":"#2dc26b","customColor7":"#f1c40f","customColor8":"#e03e2d","customColor9":"#b96ad9","customColor10":"#3598db","customColor11":"#169179","customColor12":"#e67e23","customColor13":"#ba372a","customColor14":"#843fa1","customColor15":"#236fa1","customColor16":"#ecf0f1","customColor17":"#ced4d9","customColor18":"#95a5a6","customColor19":"#7e8c8d","customColor20":"#34495e","customColor21":"#000000","customColor22":"#ffffff","defaultMessageHeaderMarginTop":"14px","defaultMessageHeaderMarginBottom":"10px","defaultMessageItemMarginTop":"0","defaultMessageItemMarginBottom":"10px","diffAddedColor":"hsla(170, 53%, 51%, 0.4)","diffChangedColor":"hsla(43, 97%, 63%, 0.4)","diffNoneColor":"hsla(0, 0%, 80%, 0.4)","diffRemovedColor":"hsla(9, 74%, 47%, 0.4)","specialMessageHeaderMarginTop":"14px","specialMessageHeaderMarginBottom":"10px","specialMessageItemMarginTop":"0","specialMessageItemMarginBottom":"10px","__typename":"RteThemeSettings"},"tags":{"bgColor":"var(--lia-bs-gray-200)","bgHoverColor":"var(--lia-bs-gray-400)","borderRadius":"var(--lia-bs-border-radius-sm)","color":"var(--lia-bs-body-color)","hoverColor":"var(--lia-bs-body-color)","fontWeight":"var(--lia-font-weight-md)","fontSize":"var(--lia-font-size-xxs)","textTransform":"UPPERCASE","letterSpacing":"0.5px","__typename":"TagsThemeSettings"},"toasts":{"borderRadius":"var(--lia-bs-border-radius)","paddingX":"12px","__typename":"ToastsThemeSettings"},"typography":{"fontFamilyBase":"Atkinson Hyperlegible","fontStyleBase":"NORMAL","fontWeightBase":"400","fontWeightLight":"300","fontWeightNormal":"400","fontWeightMd":"500","fontWeightBold":"700","letterSpacingSm":"normal","letterSpacingXs":"normal","lineHeightBase":"1.3","fontSizeBase":"15px","fontSizeXxs":"11px","fontSizeXs":"12px","fontSizeSm":"13px","fontSizeLg":"20px","fontSizeXl":"24px","smallFontSize":"14px","customFonts":[],"__typename":"TypographyThemeSettings"},"unstyledListItem":{"marginBottomSm":"5px","marginBottomMd":"10px","marginBottomLg":"15px","marginBottomXl":"20px","marginBottomXxl":"25px","__typename":"UnstyledListItemThemeSettings"},"yiq":{"light":"#ffffff","dark":"#000000","__typename":"YiqThemeSettings"},"colorLightness":{"primaryDark":0.36,"primaryLight":0.74,"primaryLighter":0.89,"primaryLightest":0.95,"infoDark":0.39,"infoLight":0.72,"infoLighter":0.85,"infoLightest":0.93,"successDark":0.24,"successLight":0.62,"successLighter":0.8,"successLightest":0.91,"warningDark":0.39,"warningLight":0.68,"warningLighter":0.84,"warningLightest":0.93,"dangerDark":0.41,"dangerLight":0.72,"dangerLighter":0.89,"dangerLightest":0.95,"__typename":"ColorLightnessThemeSettings"},"localOverride":false,"__typename":"Theme"},"localOverride":false},"CachedAsset:text:en_US-components/common/EmailVerification-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/common/EmailVerification-1728320186000","value":{"email.verification.title":"Email Verification Required","email.verification.message.update.email":"To participate in the community, you must first verify your email address. The verification email was sent to {email}. To change your email, visit My Settings.","email.verification.message.resend.email":"To participate in the community, you must first verify your email address. The verification email was sent to {email}. Resend email."},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Loading/LoadingDot-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Loading/LoadingDot-1728320186000","value":{"title":"Loading..."},"localOverride":false},"CachedAsset:text:en_US-pages/tags/TagPage-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-pages/tags/TagPage-1728320186000","value":{"tagPageTitle":"Tag:\"{tagName}\" | {communityTitle}","tagPageForNodeTitle":"Tag:\"{tagName}\" in \"{title}\" | {communityTitle}","name":"Tags Page","tag":"Tag: {tagName}"},"localOverride":false},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bi0xMTEtbGVaU3k3?image-coordinates=0%2C0%2C192%2C192\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bi0xMTEtbGVaU3k3?image-coordinates=0%2C0%2C192%2C192","mimeType":"image/png"},"Category:category:Articles":{"__typename":"Category","id":"category:Articles","entityType":"CATEGORY","displayId":"Articles","nodeType":"category","depth":1,"title":"Articles","shortTitle":"Articles","parent":{"__ref":"Category:category:top"},"categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:top":{"__typename":"Category","id":"category:top","displayId":"top","nodeType":"category","depth":0,"title":"Top"},"Tkb:board:security-insights":{"__typename":"Tkb","id":"board:security-insights","entityType":"TKB","displayId":"security-insights","nodeType":"board","depth":2,"conversationStyle":"TKB","title":"Security Insights","description":"From F5 SIRT and F5 Labs - expert analysis, industry updates, cybersecurity trends, and tips to help protect your digital assets.","avatar":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bi0xMTEtbGVaU3k3?image-coordinates=0%2C0%2C192%2C192\"}"},"profileSettings":{"__typename":"ProfileSettings","language":null},"parent":{"__ref":"Category:category:Articles"},"ancestors":{"__typename":"CoreNodeConnection","edges":[{"__typename":"CoreNodeEdge","node":{"__ref":"Community:community:zihoc95639"}},{"__typename":"CoreNodeEdge","node":{"__ref":"Category:category:Articles"}}]},"userContext":{"__typename":"NodeUserContext","canAddAttachments":false,"canUpdateNode":false,"canPostMessages":false,"isSubscribed":false},"boardPolicies":{"__typename":"BoardPolicies","canPublishArticleOnCreate":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.forums.policy_can_publish_on_create_workflow_action.accessDenied","key":"error.lithium.policies.forums.policy_can_publish_on_create_workflow_action.accessDenied","args":[]}},"canReadNode":{"__typename":"PolicyResult","failureReason":null}},"tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"shortTitle":"Security Insights","tagPolicies":{"__typename":"TagPolicies","canSubscribeTagOnNode":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.labels.action.corenode.subscribe_labels.allow.accessDenied","key":"error.lithium.policies.labels.action.corenode.subscribe_labels.allow.accessDenied","args":[]}},"canManageTagDashboard":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.labels.action.corenode.admin_labels.allow.accessDenied","key":"error.lithium.policies.labels.action.corenode.admin_labels.allow.accessDenied","args":[]}}}},"CachedAsset:quilt:f5.prod:pages/tags/TagPage:board:security-insights-1737540118863":{"__typename":"CachedAsset","id":"quilt:f5.prod:pages/tags/TagPage:board:security-insights-1737540118863","value":{"id":"TagPage","container":{"id":"Common","headerProps":{"removeComponents":["community.widget.bannerWidget"],"__typename":"QuiltContainerSectionProps"},"items":[{"id":"tag-header-widget","layout":"ONE_COLUMN","bgColor":"var(--lia-bs-white)","showBorder":"BOTTOM","sectionEditLevel":"LOCKED","columnMap":{"main":[{"id":"tags.widget.TagsHeaderWidget","__typename":"QuiltComponent"}],"__typename":"OneSectionColumns"},"__typename":"OneColumnQuiltSection"},{"id":"messages-list-for-tag-widget","layout":"ONE_COLUMN","columnMap":{"main":[{"id":"messages.widget.messageListForNodeByRecentActivityWidget","props":{"viewVariant":{"type":"inline","props":{"useUnreadCount":true,"useViewCount":true,"useAuthorLogin":true,"clampBodyLines":3,"useAvatar":true,"useBoardIcon":false,"useKudosCount":true,"usePreviewMedia":true,"useTags":false,"useNode":true,"useNodeLink":true,"useTextBody":true,"truncateBodyLength":-1,"useBody":true,"useRepliesCount":true,"useSolvedBadge":true,"timeStampType":"conversation.lastPostingActivityTime","useMessageTimeLink":true,"clampSubjectLines":2}},"panelType":"divider","useTitle":false,"hideIfEmpty":false,"pagerVariant":{"type":"loadMore"},"style":"list","showTabs":true,"tabItemMap":{"default":{"mostRecent":true,"mostRecentUserContent":false,"newest":false},"additional":{"mostKudoed":true,"mostViewed":true,"mostReplies":false,"noReplies":false,"noSolutions":false,"solutions":false}}},"__typename":"QuiltComponent"}],"__typename":"OneSectionColumns"},"__typename":"OneColumnQuiltSection"}],"__typename":"QuiltContainer"},"__typename":"Quilt"},"localOverride":false},"CachedAsset:quiltWrapper:f5.prod:Common:1737540050581":{"__typename":"CachedAsset","id":"quiltWrapper:f5.prod:Common:1737540050581","value":{"id":"Common","header":{"backgroundImageProps":{"assetName":"header.jpg","backgroundSize":"COVER","backgroundRepeat":"NO_REPEAT","backgroundPosition":"LEFT_CENTER","lastModified":"1702932449000","__typename":"BackgroundImageProps"},"backgroundColor":"transparent","items":[{"id":"custom.widget.Beta_MetaNav","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"community.widget.navbarWidget","props":{"showUserName":false,"showRegisterLink":true,"style":{"boxShadow":"var(--lia-bs-box-shadow-sm)","linkFontWeight":"700","controllerHighlightColor":"hsla(30, 100%, 50%)","dropdownDividerMarginBottom":"10px","hamburgerBorderHover":"none","linkFontSize":"15px","linkBoxShadowHover":"none","backgroundOpacity":0.4,"controllerBorderRadius":"var(--lia-border-radius-50)","hamburgerBgColor":"transparent","linkTextBorderBottom":"none","hamburgerColor":"var(--lia-nav-controller-icon-color)","brandLogoHeight":"48px","linkLetterSpacing":"normal","linkBgHoverColor":"transparent","collapseMenuDividerOpacity":0.16,"paddingBottom":"10px","dropdownPaddingBottom":"15px","dropdownMenuOffset":"2px","hamburgerBgHoverColor":"transparent","borderBottom":"0","hamburgerBorder":"none","dropdownPaddingX":"10px","brandMarginRightSm":"10px","linkBoxShadow":"none","linkJustifyContent":"center","linkColor":"var(--lia-bs-primary)","collapseMenuDividerBg":"var(--lia-nav-link-color)","dropdownPaddingTop":"10px","controllerHighlightTextColor":"var(--lia-yiq-dark)","background":{"imageAssetName":"","color":"var(--lia-bs-white)","size":"COVER","repeat":"NO_REPEAT","position":"CENTER_CENTER","imageLastModified":""},"linkBorderRadius":"var(--lia-bs-border-radius-sm)","linkHoverColor":"var(--lia-bs-primary)","position":"FIXED","linkBorder":"none","linkTextBorderBottomHover":"2px solid #0C5C8D","brandMarginRight":"30px","hamburgerHoverColor":"var(--lia-nav-controller-icon-color)","linkBorderHover":"none","collapseMenuMarginLeft":"20px","linkFontStyle":"NORMAL","linkPaddingX":"10px","paddingTop":"10px","linkPaddingY":"5px","linkTextTransform":"NONE","dropdownBorderColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","controllerBgHoverColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.1)","linkDropdownPaddingX":"var(--lia-nav-link-px)","linkBgColor":"transparent","linkDropdownPaddingY":"9px","controllerIconColor":"#0C5C8D","dropdownDividerMarginTop":"10px","linkGap":"10px","controllerIconHoverColor":"#0C5C8D"},"links":{"sideLinks":[],"mainLinks":[{"children":[{"linkType":"INTERNAL","id":"migrated-link-1","params":{"boardId":"TechnicalForum","categoryId":"Forums"},"routeName":"ForumBoardPage"},{"linkType":"INTERNAL","id":"migrated-link-2","params":{"boardId":"WaterCooler","categoryId":"Forums"},"routeName":"ForumBoardPage"}],"linkType":"INTERNAL","id":"migrated-link-0","params":{"categoryId":"Forums"},"routeName":"CategoryPage"},{"children":[{"linkType":"INTERNAL","id":"migrated-link-4","params":{"boardId":"codeshare","categoryId":"CrowdSRC"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"migrated-link-5","params":{"boardId":"communityarticles","categoryId":"CrowdSRC"},"routeName":"TkbBoardPage"}],"linkType":"INTERNAL","id":"migrated-link-3","params":{"categoryId":"CrowdSRC"},"routeName":"CategoryPage"},{"children":[{"linkType":"INTERNAL","id":"migrated-link-7","params":{"boardId":"TechnicalArticles","categoryId":"Articles"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"article-series","params":{"boardId":"article-series","categoryId":"Articles"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"security-insights","params":{"boardId":"security-insights","categoryId":"Articles"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"migrated-link-8","params":{"boardId":"DevCentralNews","categoryId":"Articles"},"routeName":"TkbBoardPage"}],"linkType":"INTERNAL","id":"migrated-link-6","params":{"categoryId":"Articles"},"routeName":"CategoryPage"},{"children":[{"linkType":"INTERNAL","id":"migrated-link-10","params":{"categoryId":"CommunityGroups"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"migrated-link-11","params":{"categoryId":"F5-Groups"},"routeName":"CategoryPage"}],"linkType":"INTERNAL","id":"migrated-link-9","params":{"categoryId":"GroupsCategory"},"routeName":"CategoryPage"},{"children":[],"linkType":"INTERNAL","id":"migrated-link-12","params":{"boardId":"Events","categoryId":"top"},"routeName":"EventBoardPage"},{"children":[],"linkType":"INTERNAL","id":"migrated-link-13","params":{"boardId":"Suggestions","categoryId":"top"},"routeName":"IdeaBoardPage"}]},"className":"QuiltComponent_lia-component-edit-mode__lQ9Z6","showSearchIcon":false},"__typename":"QuiltComponent"},{"id":"community.widget.bannerWidget","props":{"backgroundColor":"transparent","visualEffects":{"showBottomBorder":false},"backgroundImageProps":{"backgroundSize":"COVER","backgroundPosition":"CENTER_CENTER","backgroundRepeat":"NO_REPEAT"},"fontColor":"#222222"},"__typename":"QuiltComponent"},{"id":"community.widget.breadcrumbWidget","props":{"backgroundColor":"var(--lia-bs-primary)","linkHighlightColor":"#FFFFFF","visualEffects":{"showBottomBorder":false},"backgroundOpacity":60,"linkTextColor":"#FFFFFF"},"__typename":"QuiltComponent"}],"__typename":"QuiltWrapperSection"},"footer":{"backgroundImageProps":{"assetName":null,"backgroundSize":"COVER","backgroundRepeat":"NO_REPEAT","backgroundPosition":"CENTER_CENTER","lastModified":null,"__typename":"BackgroundImageProps"},"backgroundColor":"var(--lia-bs-body-color)","items":[{"id":"custom.widget.Beta_Footer","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"custom.widget.Tag_Manager_Helper","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"custom.widget.Consent_Blackbar","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"}],"__typename":"QuiltWrapperSection"},"__typename":"QuiltWrapper","localOverride":false},"localOverride":false},"CachedAsset:text:en_US-components/common/ActionFeedback-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/common/ActionFeedback-1728320186000","value":{"joinedGroupHub.title":"Welcome","joinedGroupHub.message":"You are now a member of this group and are subscribed to updates.","groupHubInviteNotFound.title":"Invitation Not Found","groupHubInviteNotFound.message":"Sorry, we could not find your invitation to the group. The owner may have canceled the invite.","groupHubNotFound.title":"Group Not Found","groupHubNotFound.message":"The grouphub you tried to join does not exist. It may have been deleted.","existingGroupHubMember.title":"Already Joined","existingGroupHubMember.message":"You are already a member of this group.","accountLocked.title":"Account Locked","accountLocked.message":"Your account has been locked due to multiple failed attempts. Try again in {lockoutTime} minutes.","editedGroupHub.title":"Changes Saved","editedGroupHub.message":"Your group has been updated.","leftGroupHub.title":"Goodbye","leftGroupHub.message":"You are no longer a member of this group and will not receive future updates.","deletedGroupHub.title":"Deleted","deletedGroupHub.message":"The group has been deleted.","groupHubCreated.title":"Group Created","groupHubCreated.message":"{groupHubName} is ready to use","accountClosed.title":"Account Closed","accountClosed.message":"The account has been closed and you will now be redirected to the homepage","resetTokenExpired.title":"Reset Password Link has Expired","resetTokenExpired.message":"Try resetting your password again","invalidUrl.title":"Invalid URL","invalidUrl.message":"The URL you're using is not recognized. Verify your URL and try again.","accountClosedForUser.title":"Account Closed","accountClosedForUser.message":"{userName}'s account is closed","inviteTokenInvalid.title":"Invitation Invalid","inviteTokenInvalid.message":"Your invitation to the community has been canceled or expired.","inviteTokenError.title":"Invitation Verification Failed","inviteTokenError.message":"The url you are utilizing is not recognized. Verify your URL and try again","pageNotFound.title":"Access Denied","pageNotFound.message":"You do not have access to this area of the community or it doesn't exist","eventAttending.title":"Responded as Attending","eventAttending.message":"You'll be notified when there's new activity and reminded as the event approaches","eventInterested.title":"Responded as Interested","eventInterested.message":"You'll be notified when there's new activity and reminded as the event approaches","eventNotFound.title":"Event Not Found","eventNotFound.message":"The event you tried to respond to does not exist.","redirectToRelatedPage.title":"Showing Related Content","redirectToRelatedPageForBaseUsers.title":"Showing Related Content","redirectToRelatedPageForBaseUsers.message":"The content you are trying to access is archived","redirectToRelatedPage.message":"The content you are trying to access is archived","relatedUrl.archivalLink.flyoutMessage":"The content you are trying to access is archived View Archived Content"},"localOverride":false},"CachedAsset:component:custom.widget.Beta_MetaNav-en-1737540138254":{"__typename":"CachedAsset","id":"component:custom.widget.Beta_MetaNav-en-1737540138254","value":{"component":{"id":"custom.widget.Beta_MetaNav","template":{"id":"Beta_MetaNav","markupLanguage":"HANDLEBARS","style":null,"texts":null,"defaults":{"config":{"applicablePages":[],"dynamicByCoreNode":false,"description":"MetaNav menu at the top of every page.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Beta_MetaNav","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"dynamicByCoreNode":false,"description":"MetaNav menu at the top of every page.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:component:custom.widget.Beta_Footer-en-1737540138254":{"__typename":"CachedAsset","id":"component:custom.widget.Beta_Footer-en-1737540138254","value":{"component":{"id":"custom.widget.Beta_Footer","template":{"id":"Beta_Footer","markupLanguage":"HANDLEBARS","style":null,"texts":null,"defaults":{"config":{"applicablePages":[],"dynamicByCoreNode":false,"description":"DevCentral´s custom footer.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Beta_Footer","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"dynamicByCoreNode":false,"description":"DevCentral´s custom footer.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:component:custom.widget.Tag_Manager_Helper-en-1737540138254":{"__typename":"CachedAsset","id":"component:custom.widget.Tag_Manager_Helper-en-1737540138254","value":{"component":{"id":"custom.widget.Tag_Manager_Helper","template":{"id":"Tag_Manager_Helper","markupLanguage":"HANDLEBARS","style":null,"texts":null,"defaults":{"config":{"applicablePages":[],"dynamicByCoreNode":false,"description":"Helper widget to inject Tag Manager scripts into head element","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Tag_Manager_Helper","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"dynamicByCoreNode":false,"description":"Helper widget to inject Tag Manager scripts into head element","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:component:custom.widget.Consent_Blackbar-en-1737540138254":{"__typename":"CachedAsset","id":"component:custom.widget.Consent_Blackbar-en-1737540138254","value":{"component":{"id":"custom.widget.Consent_Blackbar","template":{"id":"Consent_Blackbar","markupLanguage":"HTML","style":null,"texts":null,"defaults":{"config":{"applicablePages":[],"dynamicByCoreNode":false,"description":"","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Consent_Blackbar","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"TEXTHTML","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"dynamicByCoreNode":false,"description":"","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:text:en_US-components/community/Breadcrumb-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/community/Breadcrumb-1728320186000","value":{"navLabel":"Breadcrumbs","dropdown":"Additional parent page navigation"},"localOverride":false},"CachedAsset:text:en_US-components/tags/TagsHeaderWidget-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/tags/TagsHeaderWidget-1728320186000","value":{"tag":"{tagName}","topicsCount":"{count} {count, plural, one {Topic} other {Topics}}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageListForNodeByRecentActivityWidget-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageListForNodeByRecentActivityWidget-1728320186000","value":{"title@userScope:other":"Recent Content","title@userScope:self":"Contributions","title@board:FORUM@userScope:other":"Recent Discussions","title@board:BLOG@userScope:other":"Recent Blogs","emptyDescription":"No content to show","MessageListForNodeByRecentActivityWidgetEditor.nodeScope.label":"Scope","title@instance:1706288370055":"Content Feed","title@instance:1704319314827":"Blog Feed","title@instance:1704317906837":"Content Feed","title@instance:1702668293472":"Community Feed","title@instance:1704320290851":"My Contributions","title@instance:1703720491809":"Forum Feed","title@instance:1703028709746":"Group Content Feed","title@instance:VTsglH":"Content Feed"},"localOverride":false},"Category:category:Forums":{"__typename":"Category","id":"category:Forums","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Forum:board:TechnicalForum":{"__typename":"Forum","id":"board:TechnicalForum","forumPolicies":{"__typename":"ForumPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Forum:board:WaterCooler":{"__typename":"Forum","id":"board:WaterCooler","forumPolicies":{"__typename":"ForumPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:TechnicalArticles":{"__typename":"Tkb","id":"board:TechnicalArticles","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:DevCentralNews":{"__typename":"Tkb","id":"board:DevCentralNews","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:GroupsCategory":{"__typename":"Category","id":"category:GroupsCategory","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:F5-Groups":{"__typename":"Category","id":"category:F5-Groups","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:CommunityGroups":{"__typename":"Category","id":"category:CommunityGroups","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Occasion:board:Events":{"__typename":"Occasion","id":"board:Events","boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"occasionPolicies":{"__typename":"OccasionPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Idea:board:Suggestions":{"__typename":"Idea","id":"board:Suggestions","boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"ideaPolicies":{"__typename":"IdeaPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:CrowdSRC":{"__typename":"Category","id":"category:CrowdSRC","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:codeshare":{"__typename":"Tkb","id":"board:codeshare","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:communityarticles":{"__typename":"Tkb","id":"board:communityarticles","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:article-series":{"__typename":"Tkb","id":"board:article-series","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Conversation:conversation:339236":{"__typename":"Conversation","id":"conversation:339236","topic":{"__typename":"TkbTopicMessage","uid":339236},"lastPostingActivityTime":"2025-01-21T10:17:51.963-08:00","solved":false},"User:user:72057":{"__typename":"User","uid":72057,"login":"ArvinF","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS03MjA1Ny1ndTdUdTE?image-coordinates=90%2C126%2C444%2C481"},"id":"user:72057"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzkyMzYtV0VMSUVD?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzkyMzYtV0VMSUVD?revision=2","title":"SIRT_DevCentral (1).jpg","associationType":"TEASER","width":680,"height":383,"altText":""},"TkbTopicMessage:message:339236":{"__typename":"TkbTopicMessage","subject":"US Tiktok ban, Salt and Twill, over Half billion in crypto stolen","conversation":{"__ref":"Conversation:conversation:339236"},"id":"message:339236","revisionNum":2,"uid":339236,"depth":0,"board":{"__ref":"Tkb:board:security-insights"},"author":{"__ref":"User:user:72057"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" \n ","introduction":"","metrics":{"__typename":"MessageMetrics","views":181},"postTime":"2025-01-21T10:17:51.963-08:00","lastPublishTime":"2025-01-21T10:17:51.963-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Hello! ArvinF is your editor for F5 SIRT This Week in Security covering January 12-18, 2025 and this is my first edition for 2025. I wish you all a secured, prosperous and successful rest of the year! I picked interesting and informative security news and I hope you find them educational. Stay Safe and Secured! \n Credit to the original authors of the articles. \n As always, if this is your first TWIS, you can always read past editions. We also encourage you to check out all of the content from the F5 SIRT. \n US SC orders to Tiktok - divest or ban. Ban, it seems? \n \"The US Supreme Court has upheld a law requiring TikTok to either divest from its Chinese parent ByteDance or face a ban in the United States. The decision eliminates the final legal obstacle to the federal government forcing a shutdown of the platform for US users on January 19.. \n Protecting Americans from Foreign Adversary Controlled Applications Act (PFACAA) doesn't infringe upon the First Amendment rights of TikTok users. \n As written, the act is about protecting Americans from Chinese data collection and has nothing to do with constraining free speech, SCOTUS said. \n There is no doubt that, for more than 170 million Americans, TikTok offers a distinctive and expansive outlet for expression, means of engagement, and source of community,\" the court wrote in its decision. \"But Congress has determined that divestiture is necessary to address its well-supported national security concerns regarding TikTok's data collection practices and relationship with a foreign adversary. \n Current administration officials, speaking to the press on condition of anonymity, have said the outgoing President doesn't intend to enforce the ban, leaving the matter for President-elect to deal with upon taking office the day after the blockade is set to take effect. \n That is to say, it'll be up to new administration to oversee the real-world implementation of the law, and how the app will be banned, given that TikTok hasn't been successfully sold off in time.\" \n Governments will protect their citizen's from unauthorized tracking and access to their data used and shared in applications thru laws, diplomatic efforts and cyber security. This news has been ongoing for a while and with the new US administration coming in, we will see updates on this. \n Clock ticking for TikTok as US Supreme Court upholds ban https://www.theregister.com/2025/01/17/scotus_upholds_tiktok_ban/ \n https://regmedia.co.uk/2025/01/17/scotus-tiktok-decision.pdf \n \n Twill Typhoon PlugX plugged \n \"The FBI, working with French cops, obtained nine warrants to remotely wipe PlugX malware from thousands of Windows-based computers that had been infected by Chinese government-backed criminals, according to newly unsealed court documents. \n The Feds had been tracking a crew called Mustang Panda, aka Twill Typhoon, for years, and claimed the Beijing-linked team had broken into “numerous government and private organizations” in the US, Europe, and Indo-Pacific region. \n French law enforcement and Sekoia[.]io, a France-based private cybersecurity company, were able to pull the plug on PlugX, and shut down the operation, in 2023 after Sekoia compromised the system behind the lone IP address used by Mustang Panda to remotely control computers infected with the software nasty. \n According to the Feds, the People’s Republic of China paid Mustang Panda to, among other computer intrusion services, provide malware including PlugX. \n The crew used a version of PlugX that allowed the miscreants to remotely access and control infected machines, steal files, and deploy additional malware. As detailed in the unsealed application for a search and seizure warrant to wipe the software from people's Microsoft Windows PCs \n This variant of PlugX malware spreads through a computer’s USB port, infecting attached USB devices, and then potentially spreading to other Windows-based computers that the USB device is later plugged into. Once it has infected the victim computer, the malware remains on the machine (maintains persistence), in part by creating registry keys which automatically run the PlugX application when the computer is started. Owners of computers infected by PlugX malware are typically unaware of the infection. \n That move came after Sophos documented the USB-hopping PlugX earlier that year. Devices behind 45,000 IP addresses in the US alone had attempted to connect to that one remote-control server since its takedown, we're told. \n Then in August 2024, the US Justice Department and FBI went to court to obtain nine warrants authorizing the deletion of PlugX from machines in America, which was then carried out. The last of these warrants expired on January 3, and in total, the operation wiped PlugX from about 4,258 US-based systems. \n As we understand it, the Feds tested a self-destruct command built into PlugX that would remove the malicious code from infected machines, and then remotely ran that command on infected PCs to erase the software. The command was issued from a server using the IP address previously used to control the bots that was seized by the French. \n According to the FBI, this self-delete command did the following: \n \n delete the files created by the PlugX malware on the victim computer, \n delete the PlugX registry keys used to automatically run the PlugX application when the victim computer is started, \n create a temporary script file to delete the PlugX application after it is stopped, \n stop the PlugX application, and \n run the temporary file to delete the PlugX application, delete the directory created on the victim computer by the PlugX malware to store the PlugX files, and delete the temporary file from the victim computer.\" \n \n The PlugX malware was delivered thru USB infection. For the common folks, an innocent looking USB drive may look harmless, however, these malware infected USB drives can deliver tools threat actors will use of further exploitation and propagation if carelessly used. IT Security training and infomercials would have helped initial victims of this USB delivered malware by educating and reminding them to simply not plug in USB drives to corporate or personal computers as they should be suspicious of these devices as it could contain malware. Here is a snippet of a video of a penetration tester noting high success rate of victims of plugging in USB drives with malware baited by scattering them around a target organization or simply putting it in an envelope with the name of the unsuspecting victim (name found thru nameplate on the victim's desk) - https://youtu.be/6i-84wqc_qU?t=306. As a reminder, be suspicious of USB devices lying around - either in public or in the workplace - don't plug it in your devices - and organizations should have IT Security policy in handling such devices. \n FBI wipes Chinese PlugX malware from thousands of Windows PCs in America https://www.theregister.com/2025/01/14/fbi_french_cops_boot_chinas/ \n https://www.justice.gov/opa/pr/justice-department-and-fbi-conduct-international-operation-delete-malware-used-china-backed \n https://www.tribunal-de-paris.justice.fr/sites/default/files/2024-07/2024-07-24%20-%20CP%20d%C3%A9mant%C3%A8lement%20botnet%20d%27espionnage%20plugX.pdf \n https://blog.sekoia.io/plugx-worm-disinfection-campaign-feedbacks/ \n DOJ, FBI remove malware from thousands of infected computers https://www.youtube.com/watch?v=o_Z_3EqX5aw \n \"How Does PlugX Work? The ultimate goal of any RAT is to remotely control affected devices with a wide range of capabilities, which in PlugX’s case has typically included rebooting systems, keylogging, managing critical system processes, and file upload/downloads. One technique PlugX heavily relies on is dynamic-link library (DLL) sideloading to infiltrate devices. This technique involves executing a malicious payload that is embedded within a benign executable found in a data link library (DLL) [1]. The embedded payload within the DLL is often encrypted or obfuscated to prevent detection. \n What’s more, a new variant of PlugX was observed in the wild across Papua New Guinea, Ghana, Mongolia, Zimbabwe, and Nigeria in August 2022, that added several new capabilities to its toolbox.\" \n https://darktrace.com/blog/plugx-malware-a-rats-race-to-adapt-and-survive \n \n Salt Typhoon's trail \n \"Beijing's Salt Typhoon cyberspies had been seen in US government networks before telcos discovered the same foreign intruders in their own systems, according to CISA boss Jen Easterly. \n Speaking at a Foundation for Defense of Democracies (FDD) event on Wednesday, the agency director said her threat hunters detected the Chinese government goons in federal networks before the far-reaching espionage campaign against people's telecommunications providers had been found and attributed to Salt Typhoon. \n \"We saw it as a separate campaign, called it another goofy cyber name, and we were able to, based on the visibility that we had within the federal networks, connect some dots,\" and tie the first set of snoops to the same crew that burrowed into AT&T, Verizon, and other telecoms firms' infrastructure, Easterly noted. \n By compromising those telcos – specifically, the systems that allow the Feds to lawfully monitor criminal suspects – Salt Typhoon had the capability to geolocate millions of subscribers, access people's internet traffic, and record phone calls at will. \n This visibility into federal government networks, combined with private-industry tips coming into CISA, led to the FBI and other law enforcement agencies obtaining court-approved access to Salt-Typhoon-leased virtual private servers. \n \"That then led to cracking open the larger Salt Typhoon piece,\" Easterly said. \n Still, she cautioned, \"what we have found is likely just the tip of the iceberg\" when it comes to Chinese intrusions into American critical infrastructure.\" \n China's Salt Typhoon spies spotted on US govt networks before telcos, CISA boss says https://www.theregister.com/2025/01/15/salt_typhoon_us_govt_networks/ \n \n Medusa $600k demand \n \"Another year and yet another UK local authority has been pwned by a ransomware crew. This time it's Gateshead Council in North East England at the hands of the Medusa group. \n The council confirmed that police were investigating the \"cybersecurity incident\" on January 15, a few short hours after Medusa placed \"stolen\" documents on its data leak site. \n Gateshead said the attackers gained access to its systems on January 8, that officers have been working on the case since then, and that some personal data \"has been infringed.\" \n Medusa uploaded a 31-page slideshow on its site comprising various documents it claims to have stolen from Gateshead council. A cursory examination shows personally identifiable information (PII) in the form of full names, email addresses, home and mobile phone numbers, home addresses, employment histories, and more. \n \"Protecting the public is our top priority and I want to reassure our residents and stakeholders we take such situations extremely seriously.\" \n Residents were advised to be vigilant to potential phishing attempts and other fraudulent activity. They were also told to review passwords to ensure they are strong and unique, and to change them if there are signs of compromise. \n Medusa's site indicates that it's demanding a $600,000 ransom payment for the deletion of data, although security experts routinely warn that criminals' promises to delete data are rarely genuine.\" \n Medusa ransomware group claims attack on UK's Gateshead Council https://www.theregister.com/2025/01/17/gateshead_council_cybersecurity_incident/ \n \n Star Blizzard credential phishing expeditions \n \"Star Blizzard, a prolific phishing crew backed by the Russian Federal Security Service (FSB), conducted a new campaign aiming to compromise WhatsApp accounts and gain access to their messages and data, according to Microsoft. \n The group's credential phishing expeditions typically go after government, diplomatic, and defense policy targets — specifically with an eye on officials and researchers whose work involves Russian policy and assistance to Ukraine. This one, we're told, was unique in that it attempted to compromise WhatsApp accounts via emails inviting victims to join a fake WhatsApp group. \n \"This is the first time we have identified a shift in Star Blizzard's longstanding tactics, techniques, and procedures (TTPs) to leverage a new access vector,\" Redmond disclosed in new threat intelligence on Thursday. \n Star Blizzard is also tracked as Callisto Group and Coldriver. This particular campaign, similar to earlier efforts, begins with an email impersonating a US government official. What's new is that it includes a QR code inviting recipients to join a WhatsApp group on \"the latest non-governmental initiatives aimed at supporting Ukraine NGOs.\"\" \n Russia's Star Blizzard phishing crew caught targeting WhatsApp accounts https://www.theregister.com/2025/01/16/russia_star_blizzard_whatsapp/ \n \n $659 million stolen by blockchain bandits \n \"North Korean blockchain bandits stole more than half a billion dollars in cryptocurrency in 2024 alone, the US, Japan, and South Korea say. \n The sum of stolen assets totaled a little more than $659 million across five major incidents, although just two contributed a large portion of that. \n The BitcoinDMM crypto exchange was raided for $308 million in May 2024 – the biggest haul of the five heists - by a group tracked by law enforcement agencies as TraderTraitor. \n To pull it off, the North Korean attackers upended their usual playbook of seeking employment at Western organizations and assumed the role of recruiter. \n The attack on Indian crypto exchange WazirX also raked in a pretty penny for Kim's crew – $235 million to be precise. \n Mere months after the BitcoinDMM attack, WazirX was hit in July and according to Arkham data, by September North Korea had laundered most of the stolen assets using the Tornado Cash mixer service. \n The FBI said in September, around the time it started noticing a significant uptick in North Korea's targeting of the crypto industry: \"North Korean social engineering schemes are complex and elaborate, often compromising victims with sophisticated technical acumen. Given the scale and persistence of this malicious activity, even those well versed in cybersecurity practices can be vulnerable to North Korea's determination to compromise networks connected to cryptocurrency assets.\" \n Crypto klepto North Korea stole $659M over just 5 heists last year https://www.theregister.com/2025/01/15/north_korea_crypto_heists/ \n These news on Twill Typhoon, Salt Typhoon, Medusa, Star Blizzard and TraderTraitor compromising governments, running campaigns to take control specific target accounts, holding hostage respective countries citizen's data for ransom, stealing large amounts of crypto is a result of missing security protections in government, telco and financial organization's infrastructure, gaps in security training and identifying security incidents and responding to it and security flaws in executing critical processes and operations. As defenders, we must be more vigilant in implementing security roadblocks, apply more security scrutiny in our interactions with our peers, customers and common folks and ensure we are following security best practices when executing tasks and guiding our peers on security related concerns. If something is a miss on a critical process and we think it might be a loophole, voice it out and share it with relevant process owner and security teams to have it reviewed and corrected. Keep systems up to date and implement mitigations and protections to make it harder and ultimately prevent attempts of exploitation. As seen many times, a small crack in the perimeter defense of organizations is a potential entry point of malicious threat actors. \n \n CVE-2022–40684 haunting Fortinet \n \"Fortinet has confirmed that previous analyses of records leaked by the Belsen Group are indeed genuine FortiGate configs stolen during a zero-day raid in 2022. \n The leaked data includes IP addresses, configurations (including firewall rules), and passwords – some of which were in plain text, according to infosec watcher Kevin Beaumont, who first covered Belsen's data dump. \n Beaumont also said the leak appeared to contain files related to around 15,000 Fortinet devices, organized by country of origin. The vendor didn't comment on the scale of the incident. \n The researcher advised customers to be vigilant of possible exploitation, even if they patched back in 2022. If patches were applied after October 2022, when CVE-2022–40684 was exploited as a zero-day, then there could still be a chance that their configs were lifted. \n Fortinet's take was a little more light-touch, confirming the majority of devices affected by the vulnerability have since been patched. \n \"If your organization has consistently adhered to routine best practices in regularly refreshing security credentials and taken the recommended actions in the preceding years, the risk of the organization's current config or credential detail in the threat actor's disclosure is small,\" it said on Thursday. \n \"We continue to strongly recommend that organizations take the recommended actions, if they have not already, to improve their security posture.\" \n Fortinet: FortiGate config leaks are genuine but misleading https://www.theregister.com/2025/01/17/fortinet_fortigate_config_leaks/ \n https://doublepulsar.com/2022-zero-day-was-used-to-raid-fortigate-firewall-configs-somebody-just-released-them-a7a74e0b0c7f \n When there is a critical CVE in one of your systems, it is best to update/upgrade them as soon possible, ideally, do not expose management interfaces to the public internet and ensure that only trusted users and networks have access to these systems. The data dump of compromised devices opens up identified organizations to possible exploitation attempts. If there is suspicion of compromised systems, user accounts passwords or configuration, follow your organization's security incident response process. ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"18329","kudosSumWeight":1,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wx","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzkyMzYtV0VMSUVD?revision=2\"}"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:339137":{"__typename":"Conversation","id":"conversation:339137","topic":{"__typename":"TkbTopicMessage","uid":339137},"lastPostingActivityTime":"2025-01-16T11:31:29.108-08:00","solved":false},"User:user:241262":{"__typename":"User","uid":241262,"login":"MegaZone","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS0yNDEyNjItMTg4ODFpN0U1OEE0RTAwMDg0NDJGMQ"},"id":"user:241262"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzkxMzctZ2lyTnhz?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzkxMzctZ2lyTnhz?revision=2","title":"SIRT_DevCentral.jpg","associationType":"TEASER","width":680,"height":383,"altText":""},"TkbTopicMessage:message:339137":{"__typename":"TkbTopicMessage","subject":"A Very Chinese New Year","conversation":{"__ref":"Conversation:conversation:339137"},"id":"message:339137","revisionNum":2,"uid":339137,"depth":0,"board":{"__ref":"Tkb:board:security-insights"},"author":{"__ref":"User:user:241262"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" Happy New Year everyone! It's a new year, with new news, and the same old(er) MegaZone. This time we're looking at the news that I found worthy from the week of January 5-11, 2025. (Have you gotten used to typing 2025 yet?) I found it to be a fairly slow news week, and not much really grabbed my attention enough that I felt it was worth commenting on. That's not too unusual for the start of a new year, as there is often a bit of a post-holiday lull. Not that there was no news at all, it is never truly quiet in cybersecurity, just that most of it was run-of-the-mill stuff, IMHO. \n Oh, and as for the title of this 'issue', I know the Lunar New Year (aka Chinese New Year) isn't until January 29th, but I couldn't pass up the play on words given the topic below. And with that, let's dive in. \n ","introduction":"","metrics":{"__typename":"MessageMetrics","views":141},"postTime":"2025-01-16T11:31:29.108-08:00","lastPublishTime":"2025-01-16T11:31:29.108-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Happy New Year everyone! It's a new year, with new news, and the same old(er) MegaZone. This time we're looking at news that I found worthy from the week of January 5–11, 2025. (Have you gotten used to typing 2025 yet?) I found it to be a fairly slow news week, and not much really grabbed my attention enough that I felt it was worth commenting on. That's not too unusual for the start of a new year, as there is often a bit of a post-holiday lull. Not that there was no news at all. It is never truly quiet in cybersecurity, just that most of it was run-of-the-mill stuff, IMHO. \n Before I dive into this week's news, I'm going to abuse my editorial power to plug a couple of things. F5 Labs published their 2025 Cybersecurity Predictions, which is also a look back at the 2024 predictions, and how they panned out. Let's see how the new predictions play out this year. \n Speaking of the 2025 Cybersecurity Predictions, that was one of the two subjects we covered in the December episode of AppSec Monthly. The other topic was a look at the a topic from my last issue of TWIS, the Hack The Box study on mental health of security professionals. It's a subject I care about quite a bit, and something I've seen many of my peers struggle with, and have struggled with myself. We work in an intense, stressful field, and there is a general attitude of 'toughing it out', which just defers the impacts. \n This was my third episode of AppSec Monthly, starting in October. I am the new 'permanent' F5 SIRT host, so you should see me each month. Hopefully I'll get better at it with practice and you can follow along with the playlist, as well as checking out past episodes. I have some big shoes to fill with Aaron's departure, hopefully I can uphold the high standard he set. AppSec Monthly is also available as a podcast on Spotify, iTunes, and probably other platforms I'm forgetting about. \n Oh, and as for the title of this 'issue', I know the Lunar New Year (aka Chinese New Year) isn't until January 29, but I couldn't pass up the play on words given the topic below. And with that, let's dive in. \n Year of the Snake \n Last week Chris wrote about a Chinese APT targeting the US Treasury and my main topic this week is a continuation and expansion of that. Cybersecurity news in recent weeks has been full of stores relating to Chinese threat actors. That's a major, evolving story, which reaches beyond cybersecurity into global geopolitics. Without getting too deep into US politics, with the new presidential administration's prior attitudes toward and comments on China, I expect these events to have some significance. \n I'm going to rewind a bit to the previous week, which still saw stories about Chinese APT Salt Typhoon compromising multiple US telco providers, giving them the ability to geolocate millions of devices and record any communications. The actual extent of the intrusion is reportedly much more limited, with actions targeted at specific, high-value individuals, but the access was there. At the same time there was also coverage on the US Treasury Department being compromised due to a vulnerability in BeyondTrust. Within days this coverage was updated to highlight that the Office of Foreign Assets Control (OFAC), the Treasury department that administers economic and trade sanctions, was specifically targeted. \n As we entered this week, it was reported that OFAC was sanctioning Beijing-based Integrity Technology Group, Inc., a cybersecurity group that has been linked to state-sponsored APT Flax Typhoon (not to be confused with Salt Typhoon). Flax Typhoon was involved with malicious actions against US critical infrastructure providers in 2022 and 2023, utilizing Integrity's infrastructure to conduct their operations. The US State Department claims Flax Typhoon has targeted governmental organizations, telecommunications providers, media companies, and others, both within the US and in a number of other countries, most prominently Taiwan. You can see why OFAC would be of particular interest to a state-sponsored Chinese APT, providing insight toward potential upcoming sanctions. \n Coverage of these issues continued throughout the week. CISA stated that the BeyondTrust Treasury Department hack did not affect other federal agencies, which was a bit of good news. The primary BeyondTrust vulnerability was a critical command injection, assigned CVE-2024-12356, and this was added to CISA's Known Exploited Vulnerabilities (KEV) list in mid-December. There was also a medium-severity vulnerability involved, CVE-2024-12686. This second vulnerability was itself just added to the KEV this week. Another piece of good news came when both AT&T and Verizon, two of the nine telecom providers compromised by Salt Typhoon, reported that they'd purged the intrusion from their networks. Both vendors claim that they've notified all individuals who were targeted by Salt Typhoon, so if you haven't heard otherwise I guess you can assume you're safe. \n Early in the week, speaking at a Foundation for Defense of Democracies event, National Cyber Director Harry Coker Jr. called for the US to do more to deter China as a cybersecurity threat. Exactly what needs to be done to deter China seems to be less clear. What's been done so far appears to be completely ineffective, so more of the same doesn't seem like it would cut it. Then late in the week, it was reported that the Treasury breach also targeted the Committee on Foreign Investment in the US (CFIUS). This office with the Treasury, as the the name implies, oversees foreign investment, such as from China, in the US. One of their recent actions had been to step of review real estate sales near US military bases, in particular sales to Chinese entities. \n China has, of course, largely denied their involvement in any or all of this. \n Of course, mixed into all of this is the looming, absolutely idiotic, TikTok ban on January 19. The ban is nothing but ineffective political posturing, IMHO, if my opinion wasn't clear. It's disrupting the lives, and livelihoods, of millions of users and creators because politicians got their knickers in a twist over a popular social media platform, gasp, not being US-owned! Of course, the same people flip out when other nations take a similar view toward US-owned platforms operating in their countries. \n The irony is that the ban - due to TikTok being owned by China's ByteDance, and pearl-clutching and hand-wringing over China being able to influence content (as if foreign entities don't rabidly influence content on X, Facebook, Instagram, or any non-Chinese owned social media platform) - seems to be driving many people to move to a similar app, RedNote aka Xiaohongshu . RedNote is also Chinese-owned, and even more closely aligned with China as their primary user base is Chinese, unlike TikTok. That's just a beautiful example of the law of unintended consequences. Ifthe US government wanted an efficient way to make a generation resent them, they seem to have found it. \n The ban is just another factor in the tense geopolitical situation. I'msure we're far from seeing the end of these issues, and I'm just as sure there will be more to come. WhatI'm not at all sure about is how this will all play out. \n \n https://www.theregister.com/2024/12/30/att_verizon_confirm_salt_typhoon_breach/ \n https://www.theregister.com/2024/12/31/us_treasury_department_hacked/ \n https://www.theregister.com/2025/01/02/chinese_spies_targeted_sanctions_intel/ \n https://www.cybersecuritydive.com/news/treasury-sanctions-flax-typhoon/736538/ \n https://www.scworld.com/news/us-sanctions-chinese-service-provider-for-supporting-threat-group \n https://www.cybersecuritydive.com/news/cisa-hack-treasury-federal-agencies/736654/ \n https://www.cybersecuritydive.com/news/att-verizon-salt-typhoon/736680/ \n https://www.cybersecuritydive.com/news/national-cyber-director-coker-china-deterrence/736920/ \n https://www.scworld.com/news/chinese-hackers-breach-office-that-reviews-foreign-investments-in-us \n https://www.theregister.com/2025/01/10/china_treasury_foreign_investment/ \n https://www.cybersecuritydive.com/news/cisa-second-beyondtrust-cve-exploited/737288/ \n https://www.cisa.gov/news-events/alerts/2024/12/19/cisa-adds-one-known-exploited-vulnerability-catalog \n https://www.cisa.gov/news-events/alerts/2025/01/13/cisa-adds-two-known-exploited-vulnerabilities-catalog \n \n Digital Urbex \n The exploration of abandoned infrastructure in the physical world, often called Urban Exploration, or Urbex, can be fun and interesting. Also perhaps marginally legal. And dangerous. But fun. I'll just say Union Station in Worcester, MA had a very interesting interior, very Planet of the Apes, before it was restored and reopened. Anyway, it looks like a bit of digital urbex can be similarly fun and interesting, and entails less physical danger. Though still perhaps marginally legal. \n It turns out that if you're of a criminal bent and decide to save some labor by purchasing existing web shell backdoors on your target's devices from like minded individuals, those web shells may contain backdoors giving their creators access to all of your work. (Insert 'Inception' joke here.) These backdoors in backdoors call out to domain names for command and control. \n Sometimes their creators let those domain names lapse, as covered by watchTowr Labs in their new report. You may recall watchTowr from last September when they accidentally took over the ,mobi TLD. That one is also a very interesting read, and if I'd been on TWIS duty that week I'm sure I would've included it as it's a good tale. They share a similarity in exploiting abandoned or expired infrastructure to gain access to systems. Do check that one out too, but now back to the current news. \n By disassembling web shell malware to uncover the encoded domain names, they were able to register the unclaimed domains to start monitoring any incoming requests. And boy did they get some requests. They've uncovered more than 4,000 unique and live backdoors, and counting. All from commandeering the backdoors' backdoors' C&C domains. The compromised systems include governmental systems and Bangladesh, China, and Nigeria, universities or higher education systems in Thailand, China, South Korea, and much more. \n Of course, this left watchTowr with responsibility for this backdoor infrastructure. If they allowed the domains to once again lapse, someone with ill-intent would be able to exploit them. But that won't happen, as The Shadowserver Foundation has taken ownership of the domains and will sinkhole them to prevent their use. \n I wonder if watchTowr will be exploring any more abandoned digital infrastructure. I hope they do, the results have been interesting. \n \n https://www.theregister.com/2025/01/08/backdoored_backdoors/ \n https://cyberscoop.com/malicious-hackers-have-their-own-shadow-it-problem/ \n https://labs.watchtowr.com/more-governments-backdoors-in-your-backdoors/ \n \n VulnCon 2025 Approaches \n The 2025 Vulnerability Management Ecosystem Collaboration, Ideation, and Action Conference, aka VulnCon 2025 (let's all agree to never use that full name, OK?), is returning to Raleigh, NC Monday, April 7th through Thursday, April 10th. We'll be back at the North Carolina State University McKimmon Center, the same location as last year. This year it is four days, up from three, and we have more space in the facility, which all translates to more content. I'm saying 'we' because I am, again, one of the organizers, as a co-chair of the CVE.org Vulnerability Conference and Events Working Group (VCEWG). VulnCon is Co-Hosted by FIRST and the CVE Program. \n Last year we sold out the in-person admission and this year, even with the additional capacity, we expect to do so again. So, if you are thinking of attending in person, don't wait too long to register. Standard registration is US $300.00 through March 9th, and late registration is US $375.00 after March 9th - until sold out. Registration includes 'coffee breaks' and buffet lunches, and an on-site Welcome Reception on Monday, April 7. \n VulnCon is a hybrid event, and all panels will be streamed. Virtual admission is only US $100.00. Virtual is better than nothing, but if you can be there in person I encourage it; the Hallway Con is strong. There's also a ticketed Offsite Social on Tuesday, April 8 19:00-21:00 in downtown Raleigh—tickets are $30. \n The CFP is still open (see the next item below), so the 2025 program has yet to be finalized, but you can get an idea of what to expect from last year's program. \n \n https://www.first.org/conference/vulncon2025/ \n \n VulnCon 2025 CFP Extended \n The VulnCon Call For Papers deadline was Wednesday, January 15 - the day I'm wrapping up this edition of TWIS. But on the 14th, having heard from a few procrastinators, we extended the deadline to a hard stop of Friday, January 31, 2025. We will not be extending it again as we need time for the review committee to finalize selections, while leaving enough time for those selected to prepare their materials. \n If you've been procrastinating and thought you missed the deadline, or if this is the first your hearing of this and have something you'd like to present, you have a couple of weeks to get those proposals in. Don't wait until the 31st. If you'd like an idea of the type of content VulnCon is looking for, check out last year's program. \n \n https://www.first.org/conference/vulncon2025/cfp \n \n Pro Tip on VulnCon Hotels \n As mentioned above, VulnCon is in Raleigh, NC April 7–10. The Dreamville (Music) Festival is in Raleigh, NC April 5-6 - the weekend just before VulnCon. This has caused a bit of a squeeze on hotel rooms that weekend. Some hotels are booked for the weekend, and most of them appear to have increased their room rates for those nights due to the increased demand. Unsurprisingly, the lower-priced hotels have the least availability, and if you try to book a room for the week, with a weekend arrival, you may only find more expensive options. Of course, you could always attend the festival and then come to VulnCon and twofer your trip. \n Availability increases, and room rates decrease, beginning Monday. One option would be to arrive Monday morning and avoid the higher weekend rates entirely. Another option is to book whatever is available for the weekend and then make a separate reservation starting on Monday at a more affordable hotel, to reduce your overall travel spend. I need to be there before Monday, so that's what I'm doing—and it saved around $800 for the week. \n In either case, you will be able to check bags at the McKimmon Center for the day. So you could come straight there Monday, or checkout of your first hotel and bring your bag(s) for the day, and then check in to your hotel for the rest of the week that evening. There is a list of suggested hotels on the VulnCon site. Most of them are in and around downtown, but the TownePlace Suites and Holiday Inn Express & Suites are perhaps the closest to the facility, on the other side of campus from downtown, and a very short ride—literally at the end of the road the McKimmon is on. They're both fairly new, built in 2020 I believe, and are decent. I stayed at TownePlace last year and had a great experience, so I will be doing so again. \n Maybe this will save you a little frustration, and a few bucks. \n \n https://www.first.org/conference/vulncon2025/hotel \n \n That Was the Week That Was \n Thank you for your time and attention this week. I hope you found something of value in my ramblings. \n As always, if this is your first TWIS, you can always read past editions. I also encourage you to check out all of the content from the F5 SIRT. \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"16116","kudosSumWeight":1,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wx","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzkxMzctZ2lyTnhz?revision=2\"}"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:338951":{"__typename":"Conversation","id":"conversation:338951","topic":{"__typename":"TkbTopicMessage","uid":338951},"lastPostingActivityTime":"2025-01-08T11:42:22.746-08:00","solved":false},"User:user:217342":{"__typename":"User","uid":217342,"login":"Christopher_Pa1","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS0yMTczNDItSUNpMG9j?image-coordinates=0%2C0%2C160%2C160"},"id":"user:217342"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg5NTEtaUgxa3A0?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg5NTEtaUgxa3A0?revision=2","title":"SIRT_DevCentral.jpg","associationType":"TEASER","width":680,"height":383,"altText":""},"TkbTopicMessage:message:338951":{"__typename":"TkbTopicMessage","subject":"Soldier Arrested, Crypto Malware, Wash. St. Sues T-Mobile, US Treasury Breach, LDAPNightmare PoC","conversation":{"__ref":"Conversation:conversation:338951"},"id":"message:338951","revisionNum":2,"uid":338951,"depth":0,"board":{"__ref":"Tkb:board:security-insights"},"author":{"__ref":"User:user:217342"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" \n ","introduction":"","metrics":{"__typename":"MessageMetrics","views":291},"postTime":"2025-01-08T11:42:22.746-08:00","lastPublishTime":"2025-01-08T11:42:22.746-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Notable news for the week of December 30 through January 6. Your editor this week is Chris from the F5 Security Incident Response Team. For this edition we have a U.S. Army soldier being arrested on the AT&T and Verizon extortions; a summary of wallet-draining malware for 2024; the Washington State Attorney General suing T-Mobile; sanction intel targeted by Chinese spies, and the release of a PoC exploit for CVE-2024-49113. \n \n U.S. Soldier Arrested for Cyber Crimes \n On December 20th, Federal authorities arrested Cameron John Wagenius, a 20-year-old U.S. Army soldier on suspicion of being 'Kiberphant0m'. Kiberphant0m is a cybercriminal who has been selling and leaking sensitive customer call records from AT&T and Verizon. He is a communications specialist and was recently stationed in South Korea. According to his mother, he has acknowledged being associated with 'Judische', another cybercriminal from Canada who was arrested in October for stealing data and extorting companies who stored data with the cloud service Snowflake. In interviews, Judische claimed to outsource the selling to individuals like Kiberphant0m and others. Kiberphant0m has posted claims that he has hacked into at least 15 telecommunications firms, including AT&T and Verizon. When Judische was arrested, Kiberphant0m had gone online and posted claims they had call logs of President-elect Donald Trump as well as current Vice President Kamala Harris and threatened to leak them. One of the biggest takes in this story is that law enforcement is getting faster and more efficient at going after cybercriminals. \n https://krebsonsecurity.com/2024/12/u-s-army-soldier-arrested-in-att-verizon-extortions/#more-69925 \n \n Wallet Drainer Damage in 2024 \n Almost $500 million in cryptocurrency was stolen in 2024 through using wallet drainer malware. This was done through the scamming of more than 332,000 victims, according to anti-scam firm Scam Sniffer. Wallet drainers are malware that is designed to trick the victims into signing malicious transactions. The result of this is that their assets will end up getting stolen. The approximately $494 million that was stolen accounts for a 67% year-over-year increase, with the largest single theft amounting to $55.48 million! The attacks were more frequent at the beginning of 2024, Scam Sniffer stated. But the two largest single losses were in August and September. \n https://www.securityweek.com/wallet-drainer-malware-used-to-steal-500-million-in-cryptocurrency-in-2024/ \n \n Washington State Attorney General Files Lawsuit Over Breach \n In response to the 2021 Data Breach that affected 76.6 million people, Washington State Attorney General Bob Ferguson filed a lawsuit against wireless carrier T-Mobile. The breach was disclosed in August of 2021, and the following year, T-Mobile agreed to pay $350 million to settle a class action lawsuit over the breach. Then last year, they also agreed to pay a $15.75 million civil penalty to settle an FCC investigation. Ferguson is suing over T-Mobile's lack of proper security controls regarding customer’s personal data. It was also asserted that the carrier knew about certain vulnerabilities and failed to address them properly. The lawsuit also states that T-Mobile misled customers by claiming that the protection of collected personal data was a top priority. The breach resulted in the disclosure of data such as names, addresses, driver's license information, and for 183,406 residents of Washington State, it also resulted in the disclosure of their Social Security Numbers. Another key factor in this is that a lack of security monitoring prevented the wireless carrier from discovering the breach for almost half a year. They ended up being tipped off by an outside, anonymous source. This highlights the crucial need for robust security monitoring. \n https://www.securityweek.com/washington-attorney-general-sues-t-mobile-over-2021-data-breach/ \n \n Chinese APT Targets U.S. Treasury \n On December 30, the U.S. Treasury sent a letter to Congress revealing a cyberattack, stating that that was specifically targeted at the Office of Foreign Assets Control (OFAC). The letter attributed the breach to a \"China state-sponsored Advanced Persistent Threat (APT) actor\". This illustrates the measures that the country is taking to gather intelligence on the U.S., especially in regards to groups that may be involved in placing sanctions on Chinese entities. The intrusion was blamed on an earlier BeyondTrust security incident where malicious actors stole an API key for the software maker's Remote Support SaaS product. This allowed remote access into some of the Treasury's workstations and any possible unclassified documents maintained by those users. BeyondTrust has been involved in helping law enforcement investigate this issue and has contacted any customers that have been affected. \n https://www.theregister.com/2025/01/02/chinese_spies_targeted_sanctions_intel/ \n \n PoC for CVE-2024-49113 \n A Proof-of-Concept (PoC) exploit has been released for a patched flaw that impacts Windows LDAP that could result in a Denial of Service. The vulnerability is tracked via CVE-2024-49113 which has a CVSS score of 7.5. It was updated in December by Microsoft along with another LDAP vulnerability CVE-2024-49112 which is a critical with a score of 9.8. The PoC was devised by SafeBreach Labs and is codenamed LDAPNightmare. It is designed to crash any upatched Windows Server as long as the DNS server of the victim has internet connectivity. By sending a specific Remote Procedure Call to the victim server, a reboot can be forced casuing a DoS. The researchers also found that the same exploit chain can be leveraged to achieve a remote code execution through CVE-2024-49112 by modifying one of the packets used. As said time and time again it is crucial to update systems a soon as possible to reduce the risk that is posed by vulnerabilities that come out. \n https://thehackernews.com/2025/01/ldapnightmare-poc-exploit-crashes-lsass.html \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"6251","kudosSumWeight":4,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wx","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg5NTEtaUgxa3A0?revision=2\"}"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:338729":{"__typename":"Conversation","id":"conversation:338729","topic":{"__typename":"TkbTopicMessage","uid":338729},"lastPostingActivityTime":"2025-01-06T12:51:29.581-08:00","solved":false},"User:user:419633":{"__typename":"User","uid":419633,"login":"Koichi","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS00MTk2MzMtMjUxMTJpODRENkE1RkUxRjBDNkI2QQ"},"id":"user:419633"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg3MjktUWNGR3hv?revision=5\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg3MjktUWNGR3hv?revision=5","title":"F5SIRT.jpeg","associationType":"TEASER","width":680,"height":383,"altText":""},"TkbTopicMessage:message:338729":{"__typename":"TkbTopicMessage","subject":"Advent Calendar, IPA alert, Active Cyber Defense, call ChatGPT","conversation":{"__ref":"Conversation:conversation:338729"},"id":"message:338729","revisionNum":5,"uid":338729,"depth":0,"board":{"__ref":"Tkb:board:security-insights"},"author":{"__ref":"User:user:419633"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" \n ","introduction":"","metrics":{"__typename":"MessageMetrics","views":209},"postTime":"2024-12-23T14:58:59.308-08:00","lastPublishTime":"2025-01-06T12:51:29.581-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Merry Christmas and Happy Holidays to all. \n Notable news for the week of Dec 15–21, 2024. This week, your editor is Koichi from F5 Security Incident Response Team. In this edition, I have security news about Advent Calendar, IPA alert, Active Cyber Defense, and ChatGPT. \n We at F5 SIRT invest a lot of time to understand the frequently changing behavior of bad actors. Bad actors are a threat to your business, your reputation, your livelihood. That’s why we take the security of your business seriously. When you’re under attack, we’ll work quickly to effectively mitigate attacks and vulnerabilities, and get you back up and running. So next time you are under security emergency, please contact F5 SIRT. \n Advent Calendar (security) \n Merry Christmas. An Advent calendar is a calendar used to count the days leading up to Christmas. Following this tradition, computer engineers have a custom of posting an article a day on a technical topic between 12/1 and 12/24. In most cases, articles are posted on programming techniques and other topics, but there are also advent calendars on cybersecurity. Google “advent calendar security 2024” and you may find cybersecurity-related advent calendar articles in your language. For example : (search result) \n Alert for the Year-end and New Year's Holidays \n IPA (Information-technology Promotion Agency) is an information technology promotion agency focused on IT Security in Japan. On December 17th, they issued a \"Cyber security alert for the year-end and New Year holidays\". In Japan, most businesses and government offices are closed from the end of December to January 4. This is called the Year-End and New Year holidays. Generally speaking, fewer-than-usual employees, including network/security engineers, work during this period. The alert calls for strengthening countermeasures against “Network penetration attacks” that exploit vulnerabilities in routers and VPN devices at the boundaries of an organization's network, since fewer employees are at work. \n They warn of the threat of “Network penetration attacks”, in which a targeted attack or APT attack breaches network defenses, resulting in information leakage, tampering, ransomware attacks, as well as being exploited as a step device for springboard attacks, and more The measures they advocate are not special. As usual, reinforcing measures such as daily log monitoring, vulnerability/threat intel collection, and checking the normal status of devices, and furthermore, developing a system based on information from product vendors, formulating procedures for responding to zero-day vulnerabilities, and confirming and improving the operability of the system and procedures. \n The introduction of “Attack Surface Management (ASM)” is also introduced as an effective countermeasure; ASM is a service to understand the company’s IT assets from the attacker’s perspective from the outside and manage vulnerabilities. This would include security audits. \n Source: Cyber security alert for the year-end and New Year holidays(Japanese) \n Source: Attack Surface Management Implementation guidance (Japanese) \n \"Active Cyber Defense\" continued. \n In a former TWIS article, I wrote about the “Active Cyber Defense” bill that the Japanese government is trying to introduce, and on December 19, the outline of a bill of that nature was revealed. The main pillars of the bill are to strengthen the protection of key infrastructures such as electricity and railroads, and to establish a third-party organization to check the appropriateness of the collection of communications information. The Cabinet is expected to approve the bill in late January next year and submit it to the ordinary parliamentary session. \n To be consistent with the “secrecy of communication” (Article 21 of the Japanese Constitution), which has been pointed out as an issue, the third-party organization will be defined as a highly independent “Article 3 Committee” based on Article 3 of the National Government Organization Law. The Committee will be responsible for inspecting whether the government is collecting information more than the necessary limits and whether it is properly disposing of information that is no longer needed. \n The new law is tentatively called the “Bill on Prevention of Damage to Critical Computers” and it specifies a policy to promote the use of communications, information, and cooperation between the public and private sectors to prevent damage from cyber attacks. In addition, a bill to amend related laws to give the police and the Japanese Self-Defense Forces (JSDF) the authority to take detoxification measures will also be submitted. \n Source: Government to Strengthen Protection of Critical Infrastructure Cyber Defense Bill (Japanese) \n Call ChatGPT \n ChatGPT is well-known for its chat service. However, OpenAI has launched a new service with ChatGPT: Calling and Messaging ChatGPT with your phone. If you call 1-800-ChatGPT (or WhatsApp message) and talk with ChatGPT as if you were talking to a human being. Languages other than English are supported. At least Japanese is supported, with a slight delay in response, but it was a natural response. \n Source: Calling and Messaging ChatGPT with your phone ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"5262","kudosSumWeight":4,"repliesCount":1,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wx","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg3MjktUWNGR3hv?revision=5\"}"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:338837":{"__typename":"Conversation","id":"conversation:338837","topic":{"__typename":"TkbTopicMessage","uid":338837},"lastPostingActivityTime":"2024-12-31T08:36:42.436-08:00","solved":false},"User:user:172154":{"__typename":"User","uid":172154,"login":"Lior_Rotkovitch","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS0xNzIxNTQtMjAxMzJpNEEwNDMzMEE3QzhGNzhDRA"},"id":"user:172154"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4MzctMWhxNkRR?revision=4\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4MzctMWhxNkRR?revision=4","title":"F5SIRT.jpeg","associationType":"TEASER","width":680,"height":383,"altText":""},"TkbTopicMessage:message:338837":{"__typename":"TkbTopicMessage","subject":"Cyber security 2024 summary and 2025 forecasts from the news","conversation":{"__ref":"Conversation:conversation:338837"},"id":"message:338837","revisionNum":4,"uid":338837,"depth":0,"board":{"__ref":"Tkb:board:security-insights"},"author":{"__ref":"User:user:172154"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" ","introduction":"","metrics":{"__typename":"MessageMetrics","views":272},"postTime":"2024-12-31T08:36:42.436-08:00","lastPublishTime":"2024-12-31T08:36:42.436-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Notable security news for the week of Dec 22 nd – Dec 28 th 2024. This week editor is Lior from F5 SIRT. As always, when a year ends, security websites and vendors summarize the most significant security issues that happened over the past year. And with every end, there is a beginning. Enter 2025 cybersecurity predictions: what will happen this year in the world of cybersecurity? Here is what I summarized regarding the end of year 2024 and 2025 prediction in the cybersecurity landscape. \n 2024 cyber summary \n In 2024, the cybersecurity landscape was marked by significant incidents and evolving threats, with \"more\" being the keyword — more of everything. CVE details show a record number of 40,152 CVEs, around 10k more than last year. The CISA site - Known Exploited Vulnerabilities Catalog - shows significant growth in the actual exploitation of vulnerabilities. Large-scale incidents such as the Snowflake Data Breach, Salt Typhoon, and Fileless Malware, along with many other names that no one can really remember, have occurred. Then the true nature of software unexpectedly reveals itself, as seen in the CrowdStrike incident. \n One of the major breakthroughs in technology is the emergence of generative AI chatbot platforms, and as with any new technology, there is a need to secure it. Generative AI chatbots are becoming popular in web applications and are used to assist with specific, tailored actions relevant to users. These AI-driven chatbots use a wrapper on a commercial chat using APIs to operate, creating a whole new playground for attacks that now try to “convince” the chat to provide details it shouldn’t. Sounds familiar? totally familiar, but this time it is not XSS or SQLi; it is the LLM itself. Which is a great opportunity to mention the F5 AI Gateway. \n I guess we can consider 2024 as a year with unprecedented levels of security events (see my 2024 prediction more of everything). \n Enter 2025 \n So now you can ask yourself, will this continue in 2025 at the same growing rates? For sure! And will cybersecurity in 2025 be the year of AI security expansion? Beyond securing LLMs themselves, threat actors are expected to leverage artificial intelligence (AI) to enhance the sophistication of their attacks. This includes the use of AI for crafting more convincing phishing schemes, automating social engineering tactics, and deploying deepfakes for identity theft and fraud. But AI can also be used for protection and cyber defense: \n \n Integration of AI in Security Operations Centers (SOCs): AI is anticipated to play a central role in SOCs, automating tasks such as threat detection, vulnerability assessments, and incident response. Human analysts will focus on strategic decision-making and handling complex threats, enhancing overall operational efficiency. \n Security \"co-pilots\": AI-driven security operations centers (SOCs) will improve threat detection and automate incident response. \n Security controls assessment powered by AI: Using \"AI Cyber Governance Platforms,\" AI will assist security personnel in understanding the real value of their security products and services, optimizing their arsenal to maximize protection. \n Agentic AI: Agentic AI is a software program designed to independently make decisions and take actions to achieve specific goals. Agentic AI is trending due to its ability to autonomously help CIOs realize their vision for generative AI to increase productivity. \n \n This all means that we are facing an even more intense year and as they say, \"It is going to be interesting.\" Recommended reading: The Top 25 Security Predictions for 2025 \n New vulnerabilities \n While summarizing and doing prediction is nice exercise, the reality is that we have new vulnerability every week, here are two of them from last week: \n New critical Apache Struts flaw exploited to find vulnerable servers \n A recently patched critical Apache Struts 2 vulnerability tracked as CVE-2024-53677 is actively exploited using public proof-of-concept exploits to find vulnerable devices. \n Apache publicly disclosed the Struts CVE-2024-53677 flaw (CVSS 4.0 score: 9.5, \"critical\")” at Dec 11”, stating it is a bug in the software's file upload logic, allowing path traversals and the uploading of malicious files that could lead to remote code execution. \"We are seeing active exploit attempts for this vulnerability that match the PoC exploit code. At this point, the exploit attempts are attempting to enumerate vulnerable systems,\" reports Ullrich. \n \n https://www.bleepingcomputer.com/news/security/new-critical-apache-struts-flaw-exploited-to-find-vulnerable-servers/ \n \n Palo Alto Releases Patch for PAN-OS DoS Flaw — Update Immediately \n Palo Alto Networks has disclosed a high-severity vulnerability impacting PAN-OS software that could cause a denial-of-service (DoS) condition on susceptible devices. \n The flaw, tracked as CVE-2024-3393 (CVSS score: 8.7), \"A denial-of-service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall,\" the company said in a Friday advisory. \n Palo Alto Networks said it discovered the flaw in production use, and that it's aware of customers \"experiencing this denial-of-service (DoS) when their firewall blocks malicious DNS packets that trigger this issue.\" \n \n https://thehackernews.com/2024/12/palo-alto-releases-patch-for-pan-os-dos.html \n https://security.paloaltonetworks.com/CVE-2024-3393 \n \n Podcasts recommendation \n Finally, I have listen to those podcasts in the past week and they are worth the time spending on. \n Podcast - Three Buddy Problem \n Palo Alto network edge device backdoor, Cyberhaven browser extension hack, 2024 research highlights. \n \n https://securityconversations.com/episode/palo-alto-network-edge-device-backdoor-cyberhaven-browser-extension-hack-2024-research-highlights/ \n \n F5 DC : Announcing the new 'AI Friday' Podcast - Episode 1 \n Our own F5 folks talk about AI in a new podcast. Great job, looking forward for the next chapter. \n \n https://community.f5.com/kb/technicalarticles/announcing-the-new-ai-friday-podcast---episode-1/338527 \n \n See you all next year. ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"6376","kudosSumWeight":0,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wx","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4MzctMWhxNkRR?revision=4\"}"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:338463":{"__typename":"Conversation","id":"conversation:338463","topic":{"__typename":"TkbTopicMessage","uid":338463},"lastPostingActivityTime":"2024-12-17T11:55:32.165-08:00","solved":false},"User:user:56757":{"__typename":"User","uid":56757,"login":"Jordan_Zebor","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS01Njc1Ny0yMjQwNGkxRjU4NUFCNzdBRjYzQTMz"},"id":"user:56757"},"TkbTopicMessage:message:338463":{"__typename":"TkbTopicMessage","subject":"Attacks against Domain Specific Languages, EU Cybersecurity Laws, & Supply Chain Attacks","conversation":{"__ref":"Conversation:conversation:338463"},"id":"message:338463","revisionNum":4,"uid":338463,"depth":0,"board":{"__ref":"Tkb:board:security-insights"},"author":{"__ref":"User:user:56757"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":"","introduction":"","metrics":{"__typename":"MessageMetrics","views":119},"postTime":"2024-12-16T11:10:00.143-08:00","lastPublishTime":"2024-12-16T11:10:00.143-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Jordan_Zebor is your editor once again for this issue of This Week In Security. This week I will cover some interesting research which highlights Attacks against Domain Specific Languages, some new EU Cybersecurity Laws, & a few more instances of Supply Chain Attacks. \n \n Attacks against Domain Specific Languages \n The article highlights new attack techniques discovered in Open Policy Agent (OPA) and Terraform by security researcher Shelly Raban, who uncovered vulnerabilities in the supply chain and configuration management of these infrastructure-as-code and policy-as-code tools. The research explores how attackers can exploit these DSLs to compromise cloud identities, enable lateral movement, and exfiltrate data through various malicious techniques, such as credential theft and DNS tunneling. \n Open Policy Agent (OPA) Attacks \n OPA, a policy engine, uses Rego, a domain-specific language (DSL), to make policy decisions. Attackers can exploit vulnerabilities in OPA's supply chain by gaining access to the policy storage and uploading malicious policies. Once the malicious policy is fetched during a regular update, it can execute harmful actions like credential exfiltration. This can be done by abusing OPA's built-in functions, such as opa.runtime().env for accessing environment variables or http.send for exfiltrating sensitive data to an external server. Additionally, attackers can use DNS tunneling via the net.lookup_ip_addr function to stealthily transmit sensitive information, such as credentials, to a malicious server. \n Terraform Attacks \n Terraform, a popular Infrastructure-as-Code (IaC) tool, uses the HashiCorp Configuration Language (HCL) for declarative configurations. Terraform's CI/CD pipelines often run the terraform plan phase on pull requests, which can inadvertently trigger malicious code execution if a pull request includes a compromised module or data source. One risk arises from the use of external and HTTP data sources, which can be manipulated to exfiltrate sensitive information, such as AWS credentials, to an attacker-controlled server. Terraform also uses provisioners like local-exec and remote-exec, which can run arbitrary code on the local or remote infrastructure, making them a target for attackers who could deploy malicious scripts or even cryptocurrency miners. \n These attack techniques highlight the importance of securing IaC and PaC tools to prevent malicious code from being executed during the infrastructure provisioning or policy evaluation phases. \n \n New EU Cybersecurity Laws \n The new cybersecurity laws in the EU establish a European Cybersecurity Alert System and amend the Cybersecurity Act of 2019 to enhance security standards for managed security services. The first law creates a pan-European network of cyberhubs to improve coordinated threat detection and response across borders, leveraging AI and advanced data analytics. It also introduces a Cybersecurity Emergency Mechanism and a European Cybersecurity Incident Review Mechanism to support member states in preparing for and recovering from major cyberattacks. The second law focuses on certifying managed security services, ensuring higher quality and reducing market fragmentation by creating a unified certification scheme. \n These laws are beneficial because they foster stronger international collaboration, improve threat detection and response, and enhance the quality of cybersecurity services across Europe. By using data analytics, the alert system can enable faster and more effective responses to cyberattacks. However, the laws may also have potential drawbacks, such as the complexity of managing cross-border cooperation and ensuring privacy while sharing sensitive threat information. \n \n Software Supply Chain Attacks \n Software supply chain attacks involve the compromise of trusted software packages or their distribution channels to introduce malicious code that can harm users. The Ultralytics AI library, a widely used Python package for artificial intelligence applications, and the Solana Web3.js JavaScript SDK, utilized by decentralized applications to interact with the Solana blockchain, were both targeted in separate incidents that exploited vulnerabilities in their build processes to inject malicious payloads. \n Ultralytics AI \n The Ultralytics AI module, a popular Python package for AI, was compromised in a supply chain attack that introduced a cryptocurrency miner in versions 8.3.41 and 8.3.42. The malicious code, which caused high CPU usage, was injected through a vulnerability in the library's build environment via GitHub Actions Script Injection. After being flagged by a researcher, the compromised versions were removed, and a new release fixed the security flaw. While the payload was a miner, more severe malware risks, like backdoors, remain a concern. \n Solana Web3.js \n In a separate attack, the Solana Web3.js JavaScript SDK was modified to steal private keys from developers and users in versions 1.95.6 and 1.95.7. The malicious \"addToQueue\" function exfiltrated keys, sending them to an attacker-controlled server. The breach occurred via a compromised publish-access account. Developers were advised to upgrade to the latest release and rotate keys. The stolen funds amounted to an estimated $184,000. \n \n That's it for this week. Hope you enjoyed the content. ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"5392","kudosSumWeight":3,"repliesCount":1,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:338438":{"__typename":"Conversation","id":"conversation:338438","topic":{"__typename":"TkbTopicMessage","uid":338438},"lastPostingActivityTime":"2024-12-12T16:52:23.849-08:00","solved":false},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg0MzgtcHFwNFJO?revision=5\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg0MzgtcHFwNFJO?revision=5","title":"dos profile for app DDoS Lior.PNG","associationType":"BODY","width":1371,"height":632,"altText":""},"TkbTopicMessage:message:338438":{"__typename":"TkbTopicMessage","subject":"F5 BIG-IP Advanced WAF – DOS profile configuration options.","conversation":{"__ref":"Conversation:conversation:338438"},"id":"message:338438","revisionNum":5,"uid":338438,"depth":0,"board":{"__ref":"Tkb:board:security-insights"},"author":{"__ref":"User:user:172154"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" F5 BIG IP Advanced WAF is the perfect tool for detection and prevention of application Distributed Denial-of-Service (DDoS) attacks against a web application. This article will review the possible configurations of the dos profile also known as Adv WAF anti DDoS feature to stop those attacks. ","introduction":"","metrics":{"__typename":"MessageMetrics","views":220},"postTime":"2024-12-12T16:52:23.849-08:00","lastPublishTime":"2024-12-12T16:52:23.849-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" We at F5 SIRT assist F5 customers when they are under attack to detect and mitigate the attacks they are facing. The F5 BIG IP product suite can mitigate many attacks against the web applications, and the F5 SIRT publish public documentation of those mitigations. This article describes the available options in the BIG IP Advance WAF when a web app is under a DDoS attack. \n F5 BIG-IP Advanced WAF is the perfect tool for detection and prevention of application Distributed Denial-of-Service (DDoS) attacks against a web application. This article will review the possible configurations of the DOS profile, also known as Advanced WAF anti-DDoS feature to stop those attacks. \n \n DOS profile: general settings \n The first page of the DOS profile is the general settings, which include configuration that applies to the entire DOS profile. Here are a few good-to-know settings: \n \n Source IP address whitelist – Link to a page for adding source IPs to a list that will be exempt from any DOS profile mitigations. \n Geolocations – Allow and deny options to exempt or block entire countries based on source IP geolocation. \n CAPTHCA response – Editing the CAPTCHA response page that will be presented to the end user when CAPTHCA mitigation is activated. \n Single Page Application – this option should be enabled if the web application is built with a client-side framework that is sending a JSON payload to render the web pages. The DOS profile uses java script injections in HTML pages as mitigation and since applications that use JSON responses, java script can’t be injected. Enabling this option provides the functionality to inject in web applications that are built with client-side frameworks. \n \n DOS profile includes two main mitigations: \n \n TPS-based detection – Measures the ingress traffic on various entities. (Measure RPS) \n Behavioral & stress-based detection – measure backend stress and uses machine learning models. (Measure TPS) \n \n This article focuses on TPS-based detection. \n Note* The GUI indicates TPS, but it is actually measuring RPS. \n Operations mode allows the option to run the DOS profile in detection mode or in detection and mitigation mode: \n \n Transparent mode means detection only with no active mitigation applied to the traffic. Choosing transparent mode will populate the reporting and provide an idea on the right thresholds, which is useful for fine-tuning thresholds and avoiding blocking due to false positives. \n Blocking mode will activate the system’s mitigations and will block traffic according to the configuration. This is the actual value of the system, preventing offending traffic from reaching the web application. \n \n Thresholds Mode Specifies the method by which the detection is measured. We will keep it in manual mode as we want to control the settings to have the ability to fine-tune on what is being done by the system. \n \n DOS profile: TPS-based Detection \n Before reviewing the configuration, let’s examine the concept of the DOS profile with TPS-based detection. The “dos profile” is an anomaly engine that measures the amount of requests per second (RPS) arriving at the virtual server. By monitoring various points along the HTTP transaction and detecting increases in traffic, the engine presents the entity on which the RPS exceeded the defined threshold. The system considers traffic increases as an indication of a possible attack on the entity. Once the RPS exceeds the defined values, the configured mitigation will be activated on the specific entity. \n The general concepts of detection and mitigation is about: Slide 14 \n \n Monitoring entities: Source IPs, Geo IP, App URL’s & objects and FQDN \n Detecting Increase: RPS * \n Activating Mitigation: CSID, CAPTHCA, Rate limiting or Request blocking \n \n Note* The GUI indicates TPS, but it is actually measuring RPS. \n \n Detection Criteria: By Source IP \n The first type of detection in the configuration page is “by source IP” where the anomaly engine measures the amount of request per second from any source IP that arrives the virtual server. The idea is simple, any IPs that send too many RPS consider to be an offending source. Standard users will have a normal browsing pattern with few RPS arriving from a single source IP, but source IP’s that are part of a DDoS attack will send many RPS as this is what dos is all about, flooding with many requests. \n The configuration is divided into two sections: detection and mitigation \n \n Detection includes the thresholds configuration \n Ratio - relative threshold \n Fixed - absolute Threshold \n Mitigation methods: include check boxes with mitigation options. \n \n Detection: ratio \n The detection configuration consists of two lines. The first line is the relative threshold that is based on the RPS increase ratio that is calculated with two time intervals: \n \n Long - accumulates an average RPS of 1 hour, which is measured every 10 seconds \n Short - accumulates an average RPS of 10 seconds, which is measured every 10 seconds \n \n In other words, the engine measures historical (long) RPS and current (short) RPS and calculates the percentage of growth in the RPS over time. Any increase in RPS that exceeds the 500% default value will activate the enabled mitigations. \n But since RPS from single-source IP can grow from low number to big numbers at any time and the ratio calculation will be reached, we need to have another value that will be the minimum condition and act as a safety net to prevent such false positives. \n For this reason, the “TPS increase by” is AND with “Minimum TPS thresholds for detection”: at least 40 transactions per second. \n For example, if the TPS % is 640% and reached at least 40 TPS, then the condition is true and the mitigation can be activated. \n Detection: fixed \n In addition to the percentage (ratio) of RPS increases, we also have a fixed number of TPS that anything above it will be considered an attack. This is the second line of the detection section with “Absolute Threshold”. The relative thresholds and the absolute thresholds are OR’ed. Which means the first one to reach the threshold will activate the mitigations \n Detection section summary \n \n Percentage condition – over-time growth \n AND Percentage grow with minimum reached to prevent false positive \n OR fixed number growth. \n \n Having a percentage-based TPS increase and a fixed number increase makes it very useful to find the right threshold so that anything below it is not an attack and traffic above it will be considered an attack. \n Mitigation methods \n The mitigations section is where the prevention happens. When the DOS profile mode is in blocking mode, those mitigations will be activated once the detection thresholds are reached. \n There are three mitigation methods: \n \n Client-Side Integrity Defense \n CAPTCHA challenge \n Rate limiting / Request Blocking \n \n Client-Side Integrity Defense \n Client-side mitigation is a simple by effective test to understand who is the HTTP client that sends the most requests. Any request from a source IP that will pass the threshold will get a java script in the response that will reach the HTTP client and perform actions to determine if this is a bot or a browser. \n This is the main point of actions that happen when CSID is activated: \n \n Any request arrive to the virtual server will be held by the Adv WAF engine \n A fake response, including a JavaScript challenge is sent to HTTP client \n The JavaScript reach the HTTP client and check the nature of the client with some basic capabilities. A client is considered legitimate if it meets the following criteria: \n \n o The client supports JavaScript \n o The client supports HTTP cookies \n o The client executes computational challenge inside the JS \n \n The response arrives at the Advanced WAF and is evaluated. If satisfied, it is considered a legitimate client that can access the site. \n The original request is then sent to the backed servers. \n \n Key value points: \n \n CSID provides a fast way to filter simple bots and prevent them from flooding the app. \n CSID is used to identify offending HTTP clients behind source IPs that include both good clients and attacking clients. \n Transparent to the user and done “under the hood” \n If the HTTP clients access a resource file such as images that Java script can’t be injected into the response without passing the challenge, the request will be reset on the TCP/IP level. \n \n Mitigation \n \n If the client didn’t pass the challenge, any additional requests will be blocked with a reset connection on the IP level. \n If it did pass the challenge and is still sending requests that exceed the defined, DOS profile will change the mitigation to the one below. \n \n CAPTCHA Challenge \n The second mitigation is CAPTCHA that is considered the ultimate tool to verify if the HTTP client is being used by a human or not. The idea is to send a response to the originating HTTP client and ask them to answer a question that only humans can solve. Once the question is answered correctly, it is assumed that the source is a true person. \n Key points: \n \n The CAPTCHA challenge can be customized and supports HTML and Java scripts. The response edit includes “first response” and “failure response” types since the messages are different on a first attempt and a later attempt. \n The flow of the CAPTHCA is similar to the CSID \n Works at the HTTP level (above IP). Any source IP that includes many clients behind it (NAT’ed IP) will get this CAPTCHA. So instead of blocking IP, we will block the request and keep the other valid clients working. \n Note about CAPTCHA: \n \n CAPTCHA challenges can also be automated using CAPTCHA farms, solvers and other types of automation. However, even if the CAPTCHA is solved automatically, it acts as a smoking gun to incriminate a client. HTTP clients that send too many RPS and will get a CAPTCHA and the challenge is solved BUT still sending many RPS is a clear indication of an offending source, i.e. if solved and still flooding, this is an offending source which is a smoking gun for this source. \n Mitigation \n \n If answered and not sending many RPS, this is a human with valid usage. \n If answered and still sends many RPS – smoking gun for bot \n If not answers and still sends many RPS – smoking gun for bot move to the next mitigation. \n \n Request Blocking \n The last mitigation is Request Blocking, which is the most effective method when under a DDoS attack. Despite of the fact that app DDoS is a layer 7 attack, dropping the request at the network layer is the good way to reduce the amount of traffic hitting the web application. Request blocking has two options: \n \n Rate limit: will limit the amount of allowed request \n Blocking: will block all IP’s \n \n Key point \n \n Rate limiting is about reducing the amount of traffic \n Rate limiting can also drop valid users, but when there is an emergency, keeping the site up is more important than dropping the connection for a few valid users. \n Rate limits are calculated by using the long and short time frames. For example if the long time interval was 50 TPS and now there is an increase to 150 TPS (slide 19) Rate limit will reduce the source to 50 TPS. \n Any request that exists on this connection will be reset as well. \n Request blocking is done on the source IP level and not on layer 7. \n The Blocking option allows to block ALL traffic arriving from the source. (Therefore, there is no blocking on URL / site-wide) \n \n While CSID and CAPTCHA try to understand who is the offending source, bots or browsers, request blocking (rate limiting, ad blocking all) is indifferent to the “identity” and limits the amount of requests for any sources that exceed the threshold. \n Mitigation \n \n Rate limiting is used when you can’t block all the traffic, but you can still limit the amount of traffic that arrives. \n Blocking is the most aggressive mitigation since it kills the TCP IP connection, which also makes it to most effective mitigation for offloading the flood. \n \n TPS-based: by source IP – Summary \n Source IP is measuring RPS on source IP. Any source IP that exceeds defined thresholds will activate one of the three configured mitigations: \n \n Client-Side Integrity Check - filter bots \n CAPTCHA Challenge – incriminate sources \n Request Blocking – Reduce connections \n \n \n Detection Criteria: By IP Geolocation \n The next type of detection is measuring RPS per geolocation source IP’s which means measuring traffic in individual counties. Source IPs are allocated at the world level to countries, and BIG-IP has a list of those countries that map to source IPs. The detection method is the same concept of measuring an increase in requests per second arriving from a specific county with ratio-based calculations. \n When the geolocation detection criteria are reached, the following mitigation can apply: \n \n If Client Side Integrity Check is checked- all clients coming from the specific country will get the Client Side Integrity Check. \n If CAPTCHA Challenge is checked – all clients coming from the specific country will get the CAPTCHA \n If Request Blocking is checked – all clients from this country will get rate limit. In case of “block all” then all users coming from this country will be blocked at the network level. \n \n Key point \n \n DDoS arriving from a specific county that is not expected to get a service is easy. \n Remember the general setting page ? Once geolocation detection indicate an attack from a specific country is it easy to block specific countries from that page. \n Can be bypass with proxies exiting from a “good” country \n \n \n Detection Criteria: By URL \n The next detection method is “by URL” where the system monitors the request per second on all the URL’s in the site. The idea is to measure the load on the web application side and conclude which of the URL’s is being flooded. The detection concept is the similar to “by Source IP” with the same formula of ratio based on long and short (relative) with a safety net of “minimum TPS” and a fixed-based (absolute). For example: \n \n Relative thresholds: TPS increase by 500% AND at least 200 TPS \n Absolute thresholds: OR TPS reached 1000 TPS (default) \n \n The Heavy URLs checkbox will add a measurement of latency time for each URL so that URL’s that their processing time is long, will be added to the mitigated URL in addition to the URL that exceeded the threshold. (No need to define any URL in the Policy URLs page) \n When the URL detection criteria are reached, the following mitigation can apply: \n \n All clients that access the URL that exceeds RPS thresholds will get: \n \n \n \n Client-Side Integrity Check \n CAPTCHA Challenge \n \n \n \n All source IP’s that access the a URL that exceeds RPS thresholds will be rate-limit \n \n \n \n Request Blocking – Rate limit (No block all) \n \n \n Note: there are no options to block all on URL since this will make the URL unavailable to anyone, which is not something we want to do. \n Key points \n \n Since the system now measures RPS on the URL, we expect to see a higher threshold, hence the defaults are higher. \n By URL is a really good approach for detecting load-on URL from a DDoS attack that changes the source IPs every now and then (random IPs). \n Measuring RPS on the URL also helps us detect DoSing sensitive application points. For example flooding the login page to prevent users from logging in. \n Setting the right threshold for URL’s can be done by knowing the web site URL history. E.g. Max average RPS of +10%-20% can be a good starting point. \n \n \n Detection Criteria: Site wide \n The last detection is “by site wide” that provides a global RPS measurement. Sometimes the floods will avoid the thresholds of “by source IP” or “by URL and measuring site-wide provides another layer to detect increases in RPS. Measuring RPS is also a great performance problems detection tool or capacity planning reference. \n The system will monitor the amount of requests arriving to the virtual server and thresholds are calculated with a ratio of long and short AND with minimum TPS thresholds for detection. They are ORed with a fixed number of TPS reached, which is the same concept of source IP’s and by URLs. \n When the site-wide detection criteria are reached, the following mitigation measures can apply: \n \n If Client Side Integrity Check is checked- All clients that access the site will get CSID check. \n If CAPTCHA Challenge is checked – All clients accessing the web site will get CAPTCHA \n If Request Blocking is checked, clients accessing the web site will be rated limited to their historical values. \n \n Key points: \n \n Since the system is now measuring the entire app (VS), the default threshold values are higher than URL’s based. \n Fast approach to filter bot bots on the entire site with CSID. \n Low and slow attacks are less likely to exceed the by URL and by source IP threshold, and the only way to notice them is to measure the entire web application. \n Rate limits apply to current and, or new connections that exceed the threshold. \n No block all, this will not make sense. \n \n Prevention duration \n An additional mitigation strategy that the system is doing is by switching between mitigations as long as the thresholds are exceeded. \n \n Escalate top-down every 120 seconds if thresholds are still exceeding thresholds. \n Prevention fall back, according to the order in the GUI. \n \n \n \n Client Side Integrity Check -> if enabled switch to next one \n CAPTCHA Challenge -> if enabled, switch to next one \n Request Blocking \n \n \n \n Summary \n The BIG-IP Advanced WAF “dos profile” TPS-based is a powerful anomaly engine that can detect increases in RPS on source IP, Geolocation, URL and site-wide and then apply mitigations to stop the attack. The mitigations that apply to traffic range from transparent checks (CSID) human checks and incrimination tools (CAPTVCA) and aggressive load dropping with rate limiting and block-all. \n Presentation attachedץ ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"18267","kudosSumWeight":2,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wx","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg0MzgtcHFwNFJO?revision=5\"}"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:338401":{"__typename":"Conversation","id":"conversation:338401","topic":{"__typename":"TkbTopicMessage","uid":338401},"lastPostingActivityTime":"2024-12-11T12:19:44.201-08:00","solved":false},"User:user:73921":{"__typename":"User","uid":73921,"login":"Dharminder","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS03MzkyMS14cFZvSDI?image-coordinates=35%2C195%2C924%2C1084"},"id":"user:73921"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg0MDEtRHJBRGUy?revision=6\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg0MDEtRHJBRGUy?revision=6","title":"SIRT_DevCentral.jpg","associationType":"TEASER","width":680,"height":383,"altText":""},"TkbTopicMessage:message:338401":{"__typename":"TkbTopicMessage","subject":"Pegasus, Salt Typhoon, Turla Covert Campaign, Windows 11 TPM2.0, and Chrome's 'Store Review'","conversation":{"__ref":"Conversation:conversation:338401"},"id":"message:338401","revisionNum":6,"uid":338401,"depth":0,"board":{"__ref":"Tkb:board:security-insights"},"author":{"__ref":"User:user:73921"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" \n ","introduction":"","metrics":{"__typename":"MessageMetrics","views":158},"postTime":"2024-12-11T12:19:44.201-08:00","lastPublishTime":"2024-12-11T12:19:44.201-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Notable security news for the week of Dec 1st-7th 2024, brought to you by the F5 Security Incident Response Team. This week your editor is Dharminder. In this edition, I have security news about Pegasus spyware and its broader scope, Salt Typhoon: Attack on Global Telecommunications providers, A Russia-linked APT group infiltrated a Pakistan-based hacking group to target Indian and Afghan government institutions, Trusted Platform Module (TPM) 2.0 - a mandatory requirement for the Windows 11 upgrade, Google Chrome’s upcoming \"Store reviews\" feature which will help users in checking website credibility, and critical security flaws in Mitel MiCollab and Lorex cameras.\" \n We in F5 SIRT invest lot of time to understand the frequently changing behaviour of bad actors. Bad actors are a threat to your business, your reputation, your livelihood. That’s why we take the security of your business seriously. When you’re under attack, we’ll work quickly to effectively mitigate attacks and vulnerabilities, and get you back up and running. So next time you are under security emergency please contact F5 SIRT. \n Ok let's get started and the find details of security news. \n \n Pegasus Spyware Infections Unveiled: Broader Scope Revealed \n Recent investigations by iVerify uncovered seven new Pegasus spyware infections targeting journalists, government officials, corporate executives, and civilians. These infections span across iOS and Android devices, affecting Apple iOS versions 14 to 16.6 and Android, with activity traced back to 2021. Scans of 2,500 user devices detected Pegasus on 2.5 devices per 1,000 scans, a significantly higher rate than previous estimates. Researchers identified five unique malware variants, utilizing zero-click exploits to gain full device control and leaving forensic artifacts in system logs. \n NSO Group's Pegasus spyware, tracked by iVerify as “Rainbow Ronin”, was found targeting broader demographics, including ordinary professionals and high-risk populations. These findings challenge the perception that such spyware focuses only on high-profile individuals. Pegasus leverages advanced techniques to silently monitor devices, steal data, and exploit vulnerabilities undetected by conventional security tools. \n iVerify emphasized a critical gap in current mobile security, revealing how sophisticated threats evade traditional detection. Their Mobile Threat Hunting feature highlights the urgency for robust, user-accessible security solutions. The investigation sheds light on the growing complexity of mobile threats, urging a shift in industry approaches to device security. \n https://www.darkreading.com/endpoint-security/pegasus-spyware-infections-ios-android-devices \n https://cybersecuritynews.com/pegasus-spyware-detected-in-new-mobile-devices/ \n \n Salt Typhoon: Cyber Espionage Campaign Targets Global Telecommunications \n The Salt Typhoon cyber espionage campaign, attributed to China-linked threat actors, has targeted telecommunications providers globally since at least 2020, compromising private communications of senior U.S. officials and others. The campaign exploited known weaknesses in network infrastructure, avoiding novel techniques but leveraging sophisticated strategies to access sensitive data. Impacted companies have yet to fully get rid of the attackers, increasing the risk of ongoing breaches. \n A joint advisory from the U.S., Australia, Canada, and New Zealand outlined technical guidance to mitigate the threat. Recommendations include strong encryption, network segmentation, centralised logging, anomaly detection, strict access controls, and the elimination of default credentials. Agencies emphasised securing devices, patching vulnerabilities, and implementing robust monitoring systems to thwart future intrusions. \n The campaign highlights vulnerabilities in critical infrastructure, drawing parallels to previous incidents like the 2021 Colonial Pipeline ransomware attack. U.S. officials stress the need for heightened cybersecurity standards across sectors to counter such nation-state threats effectively. \n https://thehackernews.com/2024/12/joint-advisory-warns-of-prc-backed.html \n https://www.pbs.org/newshour/world/at-least-8-u-s-telecom-firms-were-hit-by-chinese-hacking-campaign-white-house-says \n \n Turla Exploits Rival Hacking Group to Extend Espionage Campaigns \n The Russia-linked APT group Turla, also known as Secret Blizzard, has been managed to run a covert campaign since 2022 by infiltrating and hijacking the command-and-control (C2) servers of the Pakistan-based hacking group Storm-0156. This tactic enables Turla to leverage pre-established intrusions to deploy its own malware, including TwoDash, a downloader, and Statuezy, a clipboard-monitoring trojan. The campaign targeted Afghan government networks and Indian defence-related institutions, using Storm-0156 infrastructure to deploy malware and exfiltrate sensitive data. Turla has a history of co-opting other threat actors' infrastructure, as seen in its previous campaigns involving Iranian APTs, Andromeda malware, and the Kazakhstan-based Tomiris backdoor. \n Turla’s methods involve lateral movement to extract intelligence, such as C2 credentials and exfiltrated data. This approach minimises Turla’s effort while concealing responsibility, allowing it to piggyback on others' campaigns. Microsoft and Black Lotus Labs observed Turla deploying custom tools like MiniPocket and commandeering Storm-0156’s backdoors, including Crimson RAT and Wainscot, in South Asia-focused operations. Turla's actions signal an intentional strategy of hijacking rival infrastructure to expand its reach and intelligence-gathering capabilities. \n https://www.darkreading.com/threat-intelligence/russian-fsb-hackers-breach-pakistan-storm-0156 \n https://www.securityweek.com/spy-v-spy-russian-apt-turla-caught-stealing-from-pakistani-apt/ \n https://thehackernews.com/2024/12/russia-linked-turla-exploits-pakistani.html \n \n TPM2.0 - Requirement For Windows 11 Upgrade \n As Windows 10 support is approaching towards its end, upgrading to Windows 11 requires devices to have Trusted Platform Module (TPM) 2.0, a hardware-based security feature. TPM 2.0 provides advanced encryption, secure key storage, and enhanced cryptographic operations. It safeguards sensitive data, ensures system integrity through features like Secure Boot, and integrates with Windows security functions such as Credential Guard and BitLocker. Unlike its predecessor, TPM 2.0 supports industry-standard cryptography, enabling compatibility with a broad range of encryption algorithms and protocols. \n TPM 2.0 isolates cryptographic processes from the main CPU, creating a secure domain for critical operations, reducing the risk of unauthorised access and tampering. It also supports multi-factor authentication (MFA), strengthen endpoint security in Zero Trust strategies. By validating system integrity and encrypting data during boot processes, TPM 2.0 helps counter modern cyber threats effectively. \n Organisations must evaluate their hardware for TPM 2.0 compatibility and prepare for upgrades if necessary. Tools like Microsoft Intune and Configuration Manager can verify TPM status and facilitate compliance. The integration of TPM 2.0 enhances regulatory compliance, future-proofs systems for emerging AI and cybersecurity challenges, and aligns with evolving best practices. \n TPM 2.0 is essential for Windows 11, providing vigorous protection against evolving cyber threats. Embracing this standard, strengthens organisational data security, supports Zero Trust frameworks, and ensures resilience in the modern digital landscape. \n https://techcommunity.microsoft.com/blog/windows-itpro-blog/tpm-2-0-%E2%80%93-a-necessity-for-a-secure-and-future-proof-windows-11/4339066 \n https://www.bleepingcomputer.com/news/microsoft/microsoft-says-having-a-tpm-is-non-negotiable-for-windows-11/ \n \n Google Chrome's \"Store Review\" - Website Credibility Check \n Google Chrome’s upcoming \"Store reviews\" feature leverages AI to provide concise summaries of website credibility using data from trusted review platforms like TrustPilot and ScamAdvisor. Accessible through the \"page info bubble\" via the lock or \"i\" icon in the address bar, this tool allows users to assess site trustworthiness quickly without visiting multiple sources. Designed to enhance user safety, it mitigates risks such as fraudulent websites and malicious downloads by offering real-time insights. \n This feature is part of a broader AI integration strategy in web browsers, with competitors like Microsoft Edge, Safari, and Firefox implementing similar updates focused on security and usability. While \"Store reviews\" promises to boost e-commerce by fostering safer browsing environments, it also raises concerns about privacy, transparency, and ethical AI use. Privacy advocates urge stricter regulations to prevent misuse, and global oversight bodies like the EU are increasing scrutiny of AI technologies. For businesses, this tool could reshape market dynamics by enhancing consumer trust in online interactions. \n https://opentools.ai/news/google-chromes-new-ai-powered-store-reviews-feature-boosting-online-trustworthiness-instantly \n https://www.bleepingcomputer.com/news/google/google-chromes-ai-feature-lets-you-quickly-check-website-trustworthiness/ \n \n Critical Security Flaws in Mitel MiCollab and Lorex Cameras \n Cybersecurity researchers disclosed a PoC exploit combining a patched vulnerability in Mitel MiCollab (CVE-2024-41713) with an unpatched arbitrary file read flaw. CVE-2024-41713 (CVSS 9.8) allows path traversal through improper input validation in the NuPoint Unified Messaging (NPM) component, enabling unauthenticated access to sensitive files like /etc/passwd. MiCollab integrates chat, voice, and messaging with platforms like Microsoft Teams. The vulnerability was chained with a post-authentication flaw to extract sensitive data. Mitel patched CVE-2024-41713 in version 9.8 SP2 but warned that successful exploitation could compromise confidentiality, integrity, and availability by granting attackers administrative access and provisioning data. Separately, CVE-2024-47223, a SQL injection in MiCollab’s Audio, Web, and Video Conferencing component, was also fixed, addressing risks of arbitrary database operations. Researchers highlighted that detailed CVE descriptions can substitute for source code in identifying vulnerabilities. Additionally, Rapid7 revealed flaws in Lorex Wi-Fi cameras (CVE-2024-52544 to CVE-2024-52548), showing an exploit chain of five vulnerabilities leading to remote code execution (RCE). These included an admin password reset and a buffer overflow, enabling attackers to take over devices, view live feeds, or execute OS commands with root privileges. Both cases underscore the critical need for timely patching and robust security measures. \n https://thehackernews.com/2024/12/critical-mitel-micollab-flaw-exposes.html \n https://www.bleepingcomputer.com/news/security/mitel-micollab-zero-day-flaw-gets-proof-of-concept-exploit/ \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"11156","kudosSumWeight":2,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wx","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg0MDEtRHJBRGUy?revision=6\"}"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:338303":{"__typename":"Conversation","id":"conversation:338303","topic":{"__typename":"TkbTopicMessage","uid":338303},"lastPostingActivityTime":"2024-12-05T11:52:00.290-08:00","solved":false},"User:user:129412":{"__typename":"User","uid":129412,"login":"Kyle_Fox","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/m_assets/avatars/custom/Frankenstack_11-1706132273780.svg"},"id":"user:129412"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMDMtM090Y2Y2?revision=3\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMDMtM090Y2Y2?revision=3","title":"SIRT_DevCentral.jpg","associationType":"TEASER","width":680,"height":383,"altText":""},"TkbTopicMessage:message:338303":{"__typename":"TkbTopicMessage","subject":"Upcoming Threats, Giving Tuesday, Roundup","conversation":{"__ref":"Conversation:conversation:338303"},"id":"message:338303","revisionNum":3,"uid":338303,"depth":0,"board":{"__ref":"Tkb:board:security-insights"},"author":{"__ref":"User:user:129412"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" \n ","introduction":"","metrics":{"__typename":"MessageMetrics","views":125},"postTime":"2024-12-05T11:52:00.290-08:00","lastPublishTime":"2024-12-05T11:52:00.290-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Kyle Fox here, its been a pretty slow week because of the Thanksgiving Holiday so were going to talk mostly about things not specific to this week, but specific to upcoming threats. I also want to take note of some things around Giving Tuesday. \n \n Upcoming Threats \n Long time readers will note that I often think more in terms of holistic threat models. It may not matter if you have the most secure website in the world if someone can break into your datacenter easily. In this addition, we are going to look at some threat areas that can be easily overlooked. The first is the weather. As the weather gets more interesting, it poses more problems for the integrity and availability of digital services. Next up is physical security. This is not often overlooked as a whole, but some aspects have historically not been well understood in the security realm. Finally, I wanted to note a current threat to AI Large Language Models. \n \n Weather \n So, recently in the Seattle area, we had a wind storm which without any exaggeration was epic. Wind speeds on the surface exceeded 50kt (58mph, 93kph) sustained and gusting to sometimes 70kt (81mph , 130kph), I did not look into winds aloft, but it was quite difficult for aircraft during the storm. Needless to say, more than 50% of of people in the area were without power for more than 24 hours. Some were without power for up to a week and internet service, whether it be cable, fiber, wireless or even Starlink was disrupted with some areas having no service for long periods of time. \n My plan in this case was to run the generator to power the fridge and the Starlink. As with many plans, it did not fare well with enemy contact. Storing the generator two years prior, I had drained the gas out of the generator and had drained the carburetor, but from what we were able to tell afterwards, some gas remained in the carburetor and formed a gel that blocked it from operation. So the generator was right out. In the end, the contents of the fridge survived because we taped it shut with some gaff tape and it stayed shut the entire time the power was out. \n This highlights the need to have a plan, evaluate where that plan may have issues, and have a plan or a backup for the backups to deal with those issues. I could have made sure to blow out the carburetor before storing the generator. I could have had a portable battery inverter or a second generator. Having a generator does not save you as many industrial generator installations only have up to a day of fuel on site, and if its a big freeze like Portland has experienced recently, it may be hard to get additional fuel to refuel that generator. \n \n Physical \n We’re constantly seeing new threats to physical security, as researchers such as Deviant Ollam [ˈol͈aṽ] have been showing us for years all the issues with physical security, including a recent dive into fire protection. While the risks associated with conventional access control systems are somewhat well known, the standard HID cards often used can be read, stored and emulated with devices like the Proxmark and Flipper, a new frontier of security risks is being explored related to hotel card keys. \n Hotel key systems are a unique environment. Hotel keys have to be issued with a limited lifetime, be secure, and interact with locks that are not often connected back to any system. Since the cards become worn by guests keeping them in their pockets with things like keys, even returned cards may not be reusable and guests often do not return them. So a hotel may go through thousands to millions of cards every year. Because of this, often the cheapest of keycard technologies is selected. \n Years ago, a security researcher named Daeken found an issue with the Onity lock system used by a large number of properties. Later on an issue was found with the VingCard lock system with similar impacts. Now its DormaKaba's Saflok's turn in the ring. In 2022 researchers were able to reverse engineer the Saflok proximity card system to create a proof of concept attack that allows an attacker to create a sequence of cards that acts as a master key for any door in a property and all they need is any keycard from that property. After finding DormaKaba to be without a security vulnerability disclosure contact, the researchers were able to get ahold of a contact and disclose the vulnerability. Once sufficient time and sufficient properties were updated to resolve the vulnerability, they presented limited details at DEF CON 32. \n This speaks to the importance of physical security for employees on the road, which I have often found to be a lacking area in companies security posture. While much work is put into securing the office and datacenter, corporate assets are still at risk in hotel rooms while traveling or at conferences. Employees may try to secure their laptop in a hotel room safe, but bypass risks exist for those as well. What I have found to be a reasonable approach is to combine prudent practices like locking up laptops with prudent de-risking. If a company needs to present at conferences, they may opt to use special laptops for the presentations, if the laptops have to be left with the AV people, or be sure that employees keep their laptop with them. While conference rooms seem secure, as someone who does fandom convention AV as a hobby, I have found no property to be completely secure. Yes, even casinos lack security in some of their conference spaces. \n \n Copyright Threatens Large Language Models \n Getting the data to train large language models is hard. Companies like OpenAI have tried to make it easier on themselves by training their models on scraped data from the internet. While they sometimes have agreements like Google has with Reddit, often models are being trained without any agreement to the use of the data. We all know about copyright, the legal concept that allows creators to have rights over the reproduction and derivation of their works. Enter The Intercept, which after being able to get OpenAI's ChatGPT to produce near copies of its articles has progressed with a lawsuit against OpenAI. They join other publishers like The New York Times and Mother Jones in pursuing claims of copyright infringement against OpenAI. \n This is one area that I think represents an existential threat to these large language models trained on public data. Unless technology can be created to allow tagging the information being provided with attribution or more explicit licensing obtained, trained models may need to be completely tossed and the training dataset stripped of major publishers content. And even that still begs the question of smaller creators content still being included in the model, as there are outstanding questions about the ability of companies like Reddit to license the content created by its users for a wholly new use not previously anticipated. Fortunately companies using AI internally have taken a more conservative approach to training datasets and have only used licensable datasets or their own data for training LLMs. \n \n Who I am Helping on Giving Tuesday. \n While the routine charities I support are The EAA, Doctors Without Borders, and Partners In Health. And despite many emails about how The Burning Man Project needs money, and also being on the board of Hack Your Lives. I want to highlight hackspaces as some place to direct your support and volunteer hours towards. With the increasing rents for spaces near where transit and people are, it’s getting harder and harder for a hackspace to survive right now. The local hackspace, Black Lodge Research, is currently staring down lease non-renewal because with light rail being put in, the business park it is in will be bulldozed to build 5 over 1s, and I cynically expect the bottom floor retail spaces will remain empty most of the time. \n Others: \n \n Recently Eugene MakerSpace had a devastating fire and is recovering. \n The Reno Generator is one of those places where artists build some of that exciting art at Burning Man. \n Noisebridge is one of the oldest hackspaces open to the public, located in not so sunny San Francisco. \n \n \n Roundup: \n \n A hacker has discovered how to disable the webcam activity light on the ThinkPad X320. \n New social network BlueSky has become much more popular in the last month, and Hank Green has noticed. \n Russian spies pivoted onto a network by compromising a laptop across the street. \n For Thanksgiving I cooked J. Kenji López-Alt's sage sausage stuffing, which he explains in a recent video. \n Australia has banned children and teenagers under 16 from social media. \n A Federal judge in Delaware has made criminal referrals in a patent troll case after determining it to be utilizing shell companies in a barratry for profit scheme. \n The un-apprehended third hacker in the Snowflake extortion scheme may be a US Army Soldier. \n A Brazilian certificate authority has issued an unauthorized certificate for google.com. \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"9020","kudosSumWeight":2,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wx","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMDMtM090Y2Y2?revision=3\"}"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:338065":{"__typename":"Conversation","id":"conversation:338065","topic":{"__typename":"TkbTopicMessage","uid":338065},"lastPostingActivityTime":"2024-11-27T05:00:00.058-08:00","solved":false},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgwNjUtYlZ0bldl?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgwNjUtYlZ0bldl?revision=2","title":"SIRT_DevCentral.jpg","associationType":"TEASER","width":680,"height":383,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgwNjUtMXJFSUMx?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgwNjUtMXJFSUMx?revision=2","title":"Figure 1 - Timeline of Red Team Activity (CI).png","associationType":"BODY","width":1024,"height":567,"altText":""},"TkbTopicMessage:message:338065":{"__typename":"TkbTopicMessage","subject":"Google and Chrome proposed split, CISA insights, AI OSS-Fuzz, Roundup","conversation":{"__ref":"Conversation:conversation:338065"},"id":"message:338065","revisionNum":2,"uid":338065,"depth":0,"board":{"__ref":"Tkb:board:security-insights"},"author":{"__ref":"User:user:72057"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" \n ","introduction":"","metrics":{"__typename":"MessageMetrics","views":184},"postTime":"2024-11-27T05:00:00.058-08:00","lastPublishTime":"2024-11-27T05:00:00.058-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Hello! ArvinF is your editor for this edition of the F5 SIRT This Week in Security, covering 17 to 23 November 2024. We have news this week on a proposed split of Google Chrome browser from Google, insights from a CISA red team exercise, the recovery Change healthcare services, Google's AI powered OSS-Fuzz tool, and a round up on \"swatting\", EoS and Critical CVEs, \"digital end of life planning\" and \"future proofing\". I hope you find the selection educational and help increase your security mindset. \n Credit to the original authors of the articles. \n If this is your first TWIS, you can always read past editions . The F5 SIRT also encourages you to check out all of the content from the F5 SIRT. \n Let's get to it! \n Google and Chrome proposed split \n The US DoJ is proposing to split Chrome web browser from Google. The aim of this proposed divesting from Chrome by Google is to end its monopoly on search. Google derives most of its profits from advertisements and having the Chrome browser using Google Search as its default search engine makes the competition steep. As Chrome browser has a very large user base, Google has monopoly of the search results, use of these search activity and content scraping for training AI models and advertisements returned to users. If this proposal pulls through, chrome browser will have a new owner and have access to its code and will maintain its security. Another consequence is the split it that it would potentially break Google Services their users find helpful for their daily activities. On the business side of this proposal, industry giants revenue such as Apple and Mozilla will be impacted as Google pays to have Google Search as the default search for Safari and Firefox. We will have to see how this plays out. \n DoJ wants Google to sell Chrome and ban it from paying to be search default \n \n https://www.theregister.com/2024/11/21/usa_vs_google_full_filing/ \n https://www.justice.gov/atr/case-document/file/1577991/dl \n https://www.channelnewsasia.com/commentary/google-chrome-us-department-justice-antitrust-advertising-internet-monopoly-4761976 \n https://www.theregister.com/2024/10/09/usa_vs_google_proposed_remedies/ \n \n CISA Red Team exercise insights \n CISA conducted a red team assessment and documented it in their article \"Enhancing Cyber Resilience: Insights from CISA Red Team Assessment of a US Critical Infrastructure Sector Organization\". \n \n Figure 1: Timeline of Red Team Cyber Threat Activity \n The figure \"Timeline of Red Team Cyber Threat Activity\" shows that the successful initial access to the target organization was thru \"an old and unpatched service with a known XML External Entity (XXE) vulnerability\" that has a public PoC on the target web server. An existing \"Web Shell\" in the Linux based web server allowed the red team to execute commands. After the initial foothold, the red team escalated privileges as the service account on the web server had too much privileges available via sudo. They moved laterally - insufficient network segmentation from the Linux to the Windows environment allowed eventual grabbing of Kerberos TGT from the Windows DC as some of the windows hosts had unconstrained delegation enabled. When unconstrained delegation is enabled, Kerberos TGTs of any user that authenticates to it are stored on these systems. \"With sufficient privileges, an actor can obtain those tickets and impersonate associated users.\" \n From a mitigation perspective, I hope that organizations do add layers of protection to their networks, applications and sensitive business systems. A Web Application Firewall such as F5 BIG-IP ASM/Adv WAF, NGINX App Protect or F5 Distributed Cloud would have offered mitigations to the initial \"XML External Entity (XXE) vulnerability\" on the target web server thru attack signatures and security policy configurations. If BIG-IP AFM was deployed, it could offer network segmentation with its network firewall policy configursation and IPS/IDS functionality thru Protocol Inspection. BIG-IP SSLO can integrate with other security products as it provides access to encrypted traffic passing thru it and action based on detected behavior of the chained security service. \n The CISA article has extensive details of the red team excercise findings and recommendations. Do have a read of the \"Noted Strengths\" - while the target organization had shortcomings, it also had some strengths such as the proper deployment of the EDR and incident response capabilities. The mitigations section is also insightful for Network Defenders, Software Manufacturers and a section for recommendation to \"continually test your security program, at scale, in a production environment to ensure optimal performance against the MITRE ATT&CK techniques identified\". Organizations should ensure to allow minimal privilege to service accounts, secure configuration of business systems - remove unused and potentially vulnerable software, logging and keep the systems OS up to date. \n Here's what happens if you don't layer network security – or remove unused web shells \n \n https://www.theregister.com/2024/11/22/cisa_red_team_exercise/ \n https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-326a \n https://www.cisa.gov/sites/default/files/2024-11/aa24-326a-enhancing-cyber-resilience-insights-from-cisa-red-team-assessment_0.pdf \n https://www.cisa.gov/securebydesign \n https://techdocs.f5.com/en-us/bigip-17-1-0/ssl-orchestrator-setup/topologies-in-sslo/configuring-service-chain.html \n \n Change Healthcare services restored \n Change Healthcare recovered from the ransomware attack it experienced 9 months ago. ALPHV/Blackcat threat group sidelined it and affected 94 percent of payment transactions between hospitals and practitioners throughout the US healthcare system. The Change Healthcare CEO faced the US congress and explained that the breach was due to the use of stolen credentials by the threat group to log into a Citrix portal that did not have multi-factor authentication (MFA) enabled. The organization also paid the ransom - UnitedHealth paid $22 million to the attackers. \n Change Healthcare's ransomware attacks were documented in previous F5SIRT TWIS editions in February and March 2024. It was unfortunate as the healthcare system and payments were affected and had financial consequences for both the organizations and public. \n K08200035: Use cases | BIG-IP APM operations guide have authentication and authorization configurations available in BIG-IP APM. Organizations which are looking to secure their services should implement standard protocols such as OpenID and Oauth 2.0. BIG-IP APM Access policy can also implement client checks and integrate with a MFA solution to increase the difficulty of attempting to gain access using stolen credentials. \n Security training such as for identifying phishing and following IT security processes for security incident response should be regularly conducted as \"Human Firewall\" of the organization needs to be up to date and continuously monitoring potentially malicious activities that may lead to breaches. Mega US healthcare payments network restores system 9 months after ransomware attack \n \n https://www.theregister.com/2024/11/20/change_healthcares_clearinghouse_services/ \n https://community.f5.com/kb/security-insights/inspectre-rustpanos-cves-x-url-blunder-and-more-april-8-14-2024-f5-sirt-this-wee/329120 \n https://community.f5.com/kb/security-insights/lockbit-resurface-after-takeover--lazarus-are-hitting-feb-25th-%E2%80%93-march-2nd—thi/328326 \n \n K08200035: Use cases | BIG-IP APM operations guide \n \n https://my.f5.com/manage/s/article/K08200035 \n \n Google OSS-Fuzz AI powered vulnerability finder \n Google's OSS-Fuzz is an AI-driven fuzzing tool that uses large language models (LLMs) to help find bugs in code repositories. It found 26 vulnerabilities and recently found a critical CVE in OpenSSL. Per my read, OpenSSL scored the CVE as a Low while Google score it as a Critical as OpenSSL is a widely utilized software and library. \n Leveraging AI driven tools in software development and testing will surely help organizations deliver secure software now and in the future as these solutions mature. \n As defenders, vulnerabilities in applications and systems should be addressed. Keep your systems up to date on patches and ensure secure management and application access are in place. \n Google's AI bug hunters sniff out two dozen-plus code gremlins that humans missed \n \n https://www.theregister.com/2024/11/20/google_ossfuzz/ \n https://security.googleblog.com/2024/11/leveling-up-fuzzing-finding-more.html \n \n \"swatting\", EoS and Critical CVEs, \"Digital end of life planning\", \"Future proofing\" \n “swatting” - a term that refers to calling emergency services to report a fake emergency of sufficient seriousness that it has the potential to result in the deployment of Special Weapons and Tactics (SWAT) teams. A teen serial \"swatter for hire\" pleaded guilty to 4 counts and scoped in 375 swatting calls to law enforcement and is now facing jail time. Cyber threat groups also use swatting to extort and intimidate ransomware victims such as in the case of Fred Hutchinson Cancer Center back in January. \n Older models of D-Link VPN routers DSR-150 / DSR-150N / DSR-250 / DSR-250N all hardware versions and firmware version have been EOL/EOS as of 05/01/2024 are potentially in trouble due to disclosure of a serious remote code execution (RCE) vulnerability - a buffer overflow bug that leads to unauthenticated RCE. No patches will be provided per D-Link and instead, offers a 20 percent discount on a new service router (DSR-250v2) to aid consumers of tech refreshing these out of support vulnerable hardware. D-Link advised to regularly update each device's unique password used to access its web management and ensuring Wi-Fi encryption is enabled. D-Link also announced that EoL/EoS devices and NAS Models is affected by CVE-2024-10914 - a Command Injection Vulnerability. \n Palo Alto Networks Critical CVEs , CVSS 9.9 - CVE-2024-9463 and CVSS 9.2 - CVE-2024-9465, both affecting the Expedition migration tool is under active exploitation. The CVEs can be exploited by an unauthenticated attacker. \n The governments of Japan and Sweden provided future proofing advise to their citizens. \n Japan's National Consumer Affairs Center suggested citizens start \"digital end of life planning\" and it includes: \n \n Ensuring family members can unlock your smartphone or computer in case of emergency; Maintain a list of your subscriptions, user IDs and passwords; Consider putting those details in a document intended to be made available when your life ends; Use a service that allows you to designate someone to have access to your smartphone and other accounts once your time on Earth ends. \n \n Sweden's government \"If crisis or war comes\" guide received its first update in six years and its distribution to every Swedish household citing factors such as war, terrorism, cyberattacks, and increasingly extreme weather events and calls for unity to secure the country's independence. \n Snippet from the document: \n \n Digital security Digitalisation can make us vulnerable to cyber attacks that knock out critical IT systems. You play a part in strengthening Sweden’s resilience by handling information in a safe and secure way, both at home and at work. \n Tips to get started: Create strong passwords that use a combination of letters, numbers and symbols. Don’t click on links in emails, or open attachments from unknown senders. Install security updates immediately. Perform regular backups of important information to an external hard drive, USB drive or cloud service. \n \n As observed in previous security news and announcements, running systems with unauthenticated critical CVEs exposes the organization to risks of a security breach of these systems and further deploying malware, exfiltrate data and affect the availability of systems ands services. Organizations should address these vulnerabilities on supported vendor products promptly. For devices that already reached an \"End of Support\" state, a technology refresh of systems with newer and supported platforms will enable the organization to run up to date software from the vendor. Organizations should ensure to secure access to the management interfaces of systems by not exposing these interfaces or APIs to the public internet and allowing only trusted users and networks access. \n \"swatting\" takes away resources and misleads authorities to action on fraudulent emergency calls and with malicious intent and will surely land someone in jail - \"don't do it\" and \"don't offer\". The snippet from Wikipedia on swatting countermeasures includes \"educating 911 dispatchers to identify fraudulent calls; ensuring that responding officers were aware of the potential for a hoax; and creating an opt-in registry for people who feared that they might become victims of swatting, such as journalists, celebrities, and live streamers. Using the registry, these people can provide cautionary information to the police, to inform officers responding to potential swatting attempts that target the victim's address\". \n Japan and Sweden have provided their citizens guidance in preparation of significant events with focus in digital footprints. These are good practice and helps ones that would manage these information and assets in the future. \n Teen serial swatter-for-hire busted, pleads guilty, could face 20 years \n \n https://www.theregister.com/2024/11/18/teenage_serial_swatterforhire_busted/ \n https://en.wikipedia.org/wiki/Swatting \n https://www.theregister.com/2024/01/05/swatting_extorion_tactics/ \n https://www.theregister.com/2024/11/20/dlink_rip_replace_router/ \n https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10415 \n https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10413 \n \n Put your usernames and passwords in your will, advises Japan's government \n \n https://www.theregister.com/2024/11/21/japan_digital_end_of_life/ \n \n Sweden's 'Doomsday Prep for Dummies' guide hits mailboxes today \n \n https://www.theregister.com/2024/11/18/sweden_updates_war_guide/ \n https://rib.msb.se/filer/pdf/30874.pdf \n \n \n \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"14506","kudosSumWeight":1,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wx","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgwNjUtYlZ0bldl?revision=2\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wy","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgwNjUtMXJFSUMx?revision=2\"}"}}],"totalCount":2,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"CachedAsset:text:en_US-components/customComponent/CustomComponent-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/customComponent/CustomComponent-1728320186000","value":{"errorMessage":"Error rendering component id: {customComponentId}","bannerTitle":"Video provider requires cookies to play the video. Accept to continue or {url} it directly on the provider's site.","buttonTitle":"Accept","urlText":"watch"},"localOverride":false},"CachedAsset:text:en_US-components/community/Navbar-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/community/Navbar-1728320186000","value":{"community":"Community Home","inbox":"Inbox","manageContent":"Manage Content","tos":"Terms of Service","forgotPassword":"Forgot Password","themeEditor":"Theme Editor","edit":"Edit Navigation Bar","skipContent":"Skip to content","migrated-link-9":"Groups","migrated-link-7":"Technical Articles","migrated-link-8":"DevCentral News","migrated-link-1":"Technical Forum","migrated-link-10":"Community Groups","migrated-link-2":"Water Cooler","migrated-link-11":"F5 Groups","migrated-link-0":"Forums","article-series":"Article Series","migrated-link-5":"Community Articles","migrated-link-6":"Articles","security-insights":"Security Insights","migrated-link-3":"CrowdSRC","migrated-link-4":"CodeShare","migrated-link-12":"Events","migrated-link-13":"Suggestions"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarHamburgerDropdown-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarHamburgerDropdown-1728320186000","value":{"hamburgerLabel":"Side Menu"},"localOverride":false},"CachedAsset:text:en_US-components/community/BrandLogo-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/community/BrandLogo-1728320186000","value":{"logoAlt":"Khoros","themeLogoAlt":"Brand Logo"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarTextLinks-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarTextLinks-1728320186000","value":{"more":"More"},"localOverride":false},"CachedAsset:text:en_US-components/authentication/AuthenticationLink-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/authentication/AuthenticationLink-1728320186000","value":{"title.login":"Sign In","title.registration":"Register","title.forgotPassword":"Forgot Password","title.multiAuthLogin":"Sign In"},"localOverride":false},"CachedAsset:text:en_US-components/nodes/NodeLink-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/nodes/NodeLink-1728320186000","value":{"place":"Place {name}"},"localOverride":false},"CachedAsset:text:en_US-components/tags/TagSubscriptionAction-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/tags/TagSubscriptionAction-1728320186000","value":{"success.follow.title":"Following Tag","success.unfollow.title":"Unfollowed Tag","success.follow.message.followAcrossCommunity":"You will be notified when this tag is used anywhere across the communtiy","success.unfollowtag.message":"You will no longer be notified when this tag is used anywhere in this place","success.unfollowtagAcrossCommunity.message":"You will no longer be notified when this tag is used anywhere across the community","unexpected.error.title":"Error - Action Failed","unexpected.error.message":"An unidentified problem occurred during the action you took. Please try again later.","buttonTitle":"{isSubscribed, select, true {Unfollow} false {Follow} other{}}","unfollow":"Unfollow"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageListTabs-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageListTabs-1728320186000","value":{"mostKudoed":"{value, select, IDEA {Most Votes} other {Most Likes}}","mostReplies":"Most Replies","mostViewed":"Most Viewed","newest":"{value, select, IDEA {Newest Ideas} OCCASION {Newest Events} other {Newest Topics}}","newestOccasions":"Newest Events","mostRecent":"Most Recent","noReplies":"No Replies Yet","noSolutions":"No Solutions Yet","solutions":"Solutions","mostRecentUserContent":"Most Recent","trending":"Trending","draft":"Drafts","spam":"Spam","abuse":"Abuse","moderation":"Moderation","tags":"Tags","PAST":"Past","UPCOMING":"Upcoming","sortBymostRecent":"Sort By Most Recent","sortBymostRecentUserContent":"Sort By Most Recent","sortBymostKudoed":"Sort By Most Likes","sortBymostReplies":"Sort By Most Replies","sortBymostViewed":"Sort By Most Viewed","sortBynewest":"Sort By Newest Topics","sortBynewestOccasions":"Sort By Newest Events","otherTabs":" Messages list in the {tab} for {conversationStyle}","guides":"Guides","archives":"Archives"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/QueryHandler-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/QueryHandler-1728320186000","value":{"title":"Query Handler"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarDropdownToggle-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarDropdownToggle-1728320186000","value":{"ariaLabelClosed":"Press the down arrow to open the menu"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/OverflowNav-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/OverflowNav-1728320186000","value":{"toggleText":"More"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageView/MessageViewInline-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageView/MessageViewInline-1728320186000","value":{"bylineAuthor":"{bylineAuthor}","bylineBoard":"{bylineBoard}","anonymous":"Anonymous","place":"Place {bylineBoard}","gotoParent":"Go to parent {name}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Pager/PagerLoadMore-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Pager/PagerLoadMore-1728320186000","value":{"loadMore":"Show More"},"localOverride":false},"CachedAsset:text:en_US-components/users/UserLink-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/users/UserLink-1728320186000","value":{"authorName":"View Profile: {author}","anonymous":"Anonymous"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageSubject-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageSubject-1728320186000","value":{"noSubject":"(no subject)"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageTime-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageTime-1728320186000","value":{"postTime":"Published: {time}","lastPublishTime":"Last Update: {time}","conversation.lastPostingActivityTime":"Last posting activity time: {time}","conversation.lastPostTime":"Last post time: {time}","moderationData.rejectTime":"Rejected time: {time}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/nodes/NodeIcon-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/nodes/NodeIcon-1728320186000","value":{"contentType":"Content Type {style, select, FORUM {Forum} BLOG {Blog} TKB {Knowledge Base} IDEA {Ideas} OCCASION {Events} other {}} icon"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageUnreadCount-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageUnreadCount-1728320186000","value":{"unread":"{count} unread","comments":"{count, plural, one { unread comment} other{ unread comments}}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageViewCount-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageViewCount-1728320186000","value":{"textTitle":"{count, plural,one {View} other{Views}}","views":"{count, plural, one{View} other{Views}}"},"localOverride":false},"CachedAsset:text:en_US-components/kudos/KudosCount-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/kudos/KudosCount-1728320186000","value":{"textTitle":"{count, plural,one {{messageType, select, IDEA{Vote} other{Like}}} other{{messageType, select, IDEA{Votes} other{Likes}}}}","likes":"{count, plural, one{like} other{likes}}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageRepliesCount-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageRepliesCount-1728320186000","value":{"textTitle":"{count, plural,one {{conversationStyle, select, IDEA{Comment} OCCASION{Comment} other{Reply}}} other{{conversationStyle, select, IDEA{Comments} OCCASION{Comments} other{Replies}}}}","comments":"{count, plural, one{Comment} other{Comments}}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageBody-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageBody-1728320186000","value":{"showMessageBody":"Show More","mentionsErrorTitle":"{mentionsType, select, board {Board} user {User} message {Message} other {}} No Longer Available","mentionsErrorMessage":"The {mentionsType} you are trying to view has been removed from the community.","videoProcessing":"Video is being processed. Please try again in a few minutes.","bannerTitle":"Video provider requires cookies to play the video. Accept to continue or {url} it directly on the provider's site.","buttonTitle":"Accept","urlText":"watch"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/users/UserAvatar-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/users/UserAvatar-1728320186000","value":{"altText":"{login}'s avatar","altTextGeneric":"User's avatar"},"localOverride":false}}}},"page":"/tags/TagPage/TagPage","query":{"nodeId":"board:security-insights","tagName":"F5 SIRT"},"buildId":"_FASV5DDw52YaqfBDLqsB","runtimeConfig":{"buildInformationVisible":false,"logLevelApp":"info","logLevelMetrics":"info","openTelemetryClientEnabled":false,"openTelemetryConfigName":"f5","openTelemetryServiceVersion":"24.11.0","openTelemetryUniverse":"prod","openTelemetryCollector":"http://localhost:4318","openTelemetryRouteChangeAllowedTime":"5000","apolloDevToolsEnabled":false},"isFallback":false,"isExperimentalCompile":false,"dynamicIds":["./components/customComponent/CustomComponent/CustomComponent.tsx","./components/community/Navbar/NavbarWidget.tsx","./components/community/Breadcrumb/BreadcrumbWidget.tsx","./components/tags/TagsHeaderWidget/TagsHeaderWidget.tsx","./components/messages/MessageListForNodeByRecentActivityWidget/MessageListForNodeByRecentActivityWidget.tsx","./components/tags/TagSubscriptionAction/TagSubscriptionAction.tsx","../shared/client/components/common/List/ListGroup/ListGroup.tsx","./components/messages/MessageView/MessageView.tsx","./components/messages/MessageView/MessageViewInline/MessageViewInline.tsx","../shared/client/components/common/Pager/PagerLoadMore/PagerLoadMore.tsx"],"appGip":true,"scriptLoader":[]}