TWIS

156 Topics

OWASP 2025 conference, KEV and RCE.
Attending the OWASP 2025 this time something was different, the software has reached a tipping point ! AI is here and once you understand and internalize how AI technology can be used ,you realize that things are going to be very different.
Lior_Rotkovitch
Jun 11, 2025 Place Security Insights
91Views
2likes
0Comments
Google Calendar Exploits, Fake AI Packages, Malware Arrests, and a Newly Proposed Exploit Metric
Notable security news for the week of May 25 –June 1. Your editor this week is Chris from the F5 Security Incident Response Team. This week I will highlight Google Calendar exploits by an Advanced Persistent Threat (APT), malware installers disguised as popular AI tools, the arrest of 21 people in Pakistan operating a malware service, and a new exploit equation aimed at aiding KEV and EPSS. Google Calendar Exploits The Chinese state-sponsored threat actor APT41 has been using a malware called TOUGHPROGRESS to leverage Google Calendar for command-and-control (C2) operations. Google discovered this activity in late October of 2024. The malware was hosted on a compromised government website targeting multiple other government entities. The malware consists of three distinct components: PLUSDROP: A DLL used to decrypt and execute the next-stage payload in memory. PLUSINJECT: Performs process hollowing on a legitimate "svchost.exe" process to inject the final payload. TOUGHPROGRESS: The primary malware that uses Google Calendar for C2. The malware reads and writes events with an attacker-controlled Google Calendar, storing harvested data in event descriptions and executing encrypted commands. Google has taken down the malicious Google Calendar and terminated the associated Workspace projects, neutralizing the campaign. https://thehackernews.com/2025/05/chinese-apt41-exploits-google-calendar.html Fake AI Tool Packages Since mid-October 2024, cybercriminals have been using fake installers for popular AI tools like OpenAI ChatGPT and InVideo AI to spread different types of malware. These include CyberLock ransomware, Lucky_Gh0$t ransomware, and a new malware called Numero. Developed using PowerShell, CyberLock encrypts specific files on the victim's system and demands a $50,000 ransom in Monero, claiming the funds will support humanitarian causes. A variant of the Yashma ransomware, Lucky_Gh0$t targets files smaller than 1.2GB for encryption and deletes backups, demanding ransom payments via the Session messaging app. This destructive malware manipulates the graphical user interface components of Windows, rendering the machines unusable. It continuously runs on the victim's machine through an infinite loop. The fake AI tool websites use SEO poisoning techniques to boost their rankings and lure victims into downloading malware-loaded installers. The campaign targets individuals and organizations in the B2B sales and marketing sectors, using the popularity of AI tools to spread malware. There are multiple ways you can reduce the risk of malware threats: Use Security Software: Install reputable antivirus and anti-malware software. Ensure it is regularly updated to protect against the latest threats. Be Cautious with Emails: Avoid clicking on links or opening attachments from unknown or suspicious emails. Phishing emails are a common way to spread malware. Download from Trusted Sources: Only download software from official websites or reputable sources. Avoid third-party platforms that might disguise malware as legitimate software. Keep Software Updated: Regularly update your operating system and all installed software to patch vulnerabilities that could be exploited by malware. Use Strong Passwords: Implement strong, unique passwords for all your accounts and consider using a password manager to keep them secure. Enable Two-Factor Authentication: Add an extra layer of security to your accounts by enabling two-factor authentication wherever possible. These are all good practices to use at any time. It is always a good idea to stay diligent when it comes to security. https://thehackernews.com/2025/05/cybercriminals-target-ai-users-with.html Heartsender Malware Service Arrests Pakistani authorities have arrested 21 individuals accused of operating "Heartsender," a spam and malware dissemination service active for over a decade. The alleged ringleader, Rameez Shahzad, and other core developers were publicly identified in 2021 after making several operational security mistakes, such as inadvertently infecting their own computers with malware, which exposed their identities and operations. Heartsender's tools were linked to over $50 million in losses in the U.S., with European authorities investigating 63 additional cases. Heartsender provided spam and malware dissemination tools, primarily targeting users of various Internet services like Microsoft 365, Yahoo, AOL, Intuit, iCloud, and ID.me. The main clients were organized crime groups that used these tools for business email compromise (BEC) schemes. These schemes tricked companies into making payments to third parties by impersonating legitimate business contacts. The service was marketed under multiple brands, including Heartsender, Fudpage, and Fudtools. "Fud" stands for "Fully Un-Detectable," indicating that the tools were designed to evade detection by security software. The FBI and Dutch Police seized the technical infrastructure for Heartsender in January 2025. https://krebsonsecurity.com/2025/05/pakistan-arrests-21-in-heartsender-malware-service/ Likely Exploited Vulnerabilities (LEV) Researchers from CISA and NIST have proposed a new cybersecurity metric called Likely Exploited Vulnerabilities (LEV). This metric will help us figure out how likely a vulnerability has been used in the wild. LEV aims to enhance existing tools like Known Exploited Vulnerabilities (KEV) lists and the Exploit Prediction Scoring System (EPSS) by providing more accurate prioritization for vulnerability remediation. KEV (Known Exploited Vulnerabilities) Lists: Purpose: Catalog vulnerabilities that have been confirmed to be exploited in the wild. Usage: Helps organizations prioritize patching and remediation efforts by focusing on vulnerabilities that attackers are actively using. EPSS (Exploit Prediction Scoring System): Purpose: Provides a 30-day probability that a vulnerability will be exploited. Usage: Assists in predicting which vulnerabilities are likely to be targeted, helping organizations prioritize their security efforts. Both tools are essential for effective vulnerability management, with KEV lists focusing on known exploits and EPSS providing predictive insights. LEV uses equations that consider variables such as the first date an EPSS score is available, the date of the most recent KEV list update, inclusion in KEV, and the EPSS score measured across multiple days. LEV probabilities can help measure the expected number and proportion of vulnerabilities exploited by threat actors and estimate the comprehensiveness of KEV lists. NIST is seeking industry partners with relevant datasets to empirically measure the performance of LEV probabilities. In vulnerability management, LEV can be used for enhancement in several ways: Prioritization: LEV helps organizations prioritize vulnerabilities that are most likely to be exploited, ensuring that critical patches are applied first. LEV is more accurate because it uses data from KEV lists and EPSS scores. This means it can find vulnerabilities that are not being exploited as often. Resource Allocation: LEV enables better allocation of resources by focusing efforts on vulnerabilities with the highest exploitation probability, optimizing security operations. Risk Management: LEV probabilities help measure the expected number and proportion of vulnerabilities exploited by threat actors, aiding in comprehensive risk management. Collaboration: LEV encourages collaboration between industry partners and researchers to empirically measure and improve vulnerability management practices. The hope is that by integrating LEV into existing tools and processes, organizations can improve their ability to identify, prioritize, and mitigate vulnerabilities effectively. https://www.securityweek.com/vulnerability-exploitation-probability-metric-proposed-by-nist-cisa-researchers/
Christopher_Pa1
Jun 04, 2025 Place Security Insights
151Views
4likes
0Comments
Massive DDoS, DanaBot Dismantled, Scraped Discord Messages and Signal Blocks Windows Recall
Notable security news for the week of May 18th-24th May 2025, brought to you by the F5 Security Incident Response Team. This week, your editor is Dharminder. In this edition, I have security news about ‘Signal messenger, which has blocked Windows Recall to protect its user privacy. Massive 6.3Tbps of DDoS attack on KrebsOnsecurity, CrowdStrike and DOJ collaborated to Dismantle DanaBot Malware Network and user messages from Discord’s app are dumped online by the researchers
Dharminder
May 28, 2025 Place Security Insights
225Views
2likes
0Comments
Banking Authentication, Solar, Patch Tuesday, DEF CON

Kyle_Fox
May 22, 2025 Place Security Insights
115Views
3likes
0Comments
F5 May 2025 QSN, Big dollar cough up, buggy-spy chat apps
On May 5th, F5 disclosed 12 issues, 11 Highs, and 1 Medium Severity CVEs for the F5 May 2025 Quarterly Security Notifications. Most of the issues disclosed were classic DoS on BIG-IP products and the BIG-IP NEXT products and are fixed in the latest BIG-IP 17.5, 16.1.6, and most in15.1.10.7 versions and the latest BIG-IP NEXT versions.
ArvinF
May 15, 2025 Place Security Insights
145Views
1like
0Comments
The Future Soon
It's the first May, first of May, outdoor... Oh, hi, didn't see you there. Welcome back, once again, to This Week In Security the weekly (mostly weekly) newsletter where we take the random security news of the week and run it down. I'm your host this week, , and these are the items that happened to catch my eye as I once again drank from the firehose of doom, or security news, same thing.
MegaZone
May 09, 2025 Place Security Insights
167Views
1like
0Comments
Policy Puppetry, Jumping the Line, and Camels
Notable news for the week of April 20th - April 27th, 2025. This week, your editor is Jordan_Zebor from F5 Security Incident Response Team. This week, I’m diving into some big updates around Generative AI security. Every time a new tech wave hits—whether it was social media, crypto, IoT, or now AI—you can bet attackers and security teams are right there, too. The latest threats, like Policy Puppetry and Line Jumping show just how fast things are moving. On the flip side, defenses like CaMeL are helping us stay one step ahead. If we want AI systems that people can trust, security engineers have to stay sharp and keep building smarter defenses. Policy Puppetry: A Universal Prompt Injection Technique It seems like weekly, new ways to perform prompt injection are being discovered. Recent research by HiddenLayer has uncovered "Policy Puppetry," a novel prompt injection technique that exploits the way LLMs interpret structured data formats such as XML and JSON. This works because the full context—trusted system instructions and user input alike—is flattened and presented to the LLM without inherent separation (something I will touch on later). By presenting malicious prompts that mimic policy files, attackers can override pre-existing instructions and even extract sensitive information, compromising the integrity of systems powered by LLMs like GPT-4, Claude, and Gemini. For security engineers, this discovery underscores a systemic vulnerability tied to LLMs' training data and context interpretation. Existing defenses, such as system prompts, are insufficient on their own to prevent this level of exploitation. The emergence of Policy Puppetry adds to the ongoing discussion about prompt injection as the most significant Generative AI threat vector, highlighting the urgent need for comprehensive safeguards in AI system design and deployment. MCP Servers and the "Line Jumping" Vulnerability Trail of Bits uncovered a critical vulnerability in the Model Context Protocol (MCP), a framework used by AI systems to connect with external servers and retrieve tool descriptions. Dubbed "line jumping," this exploit allows malicious MCP servers to embed harmful prompts directly into tool descriptions, which are processed by the AI before any tool is explicitly invoked. By bypassing the protocol’s safeguards, attackers can manipulate system behavior and execute unintended actions, creating a cascading effect that compromises downstream systems and workflows. This vulnerability undermines MCP's promises of Tool Safety and Connection Isolation. The protocol is designed to ensure that tools can only cause harm when explicitly invoked with user consent and to limit the impact of any compromised server through isolated connections. However, malicious servers bypass these protections by instructing the model to act as a message relay or proxy, effectively bridging communication between supposedly isolated components. This creates an architectural flaw akin to a security system that activates prevention mechanisms only after intruders have already breached it. Google's CaMeL: A Defense Against Prompt Injection In response to prompt injection threats, Google DeepMind has introduced CaMeL (Capability-based Model Execution Layer), a groundbreaking mechanism designed to enforce control and data flow integrity in AI systems. By associating “capabilities”—metadata that dictate operational limits—with every value processed by the model, CaMeL ensures untrusted inputs cannot exceed their designated influence. Instead of sprinkling more AI magic fairy dust on the problem, this approach leans on solid, well-established security principles concepts into the AI domain. By implementing a protective layer around the LLM, developers can reduce risks such as unauthorized operations and unexpected data exfiltration, even if the underlying model remains vulnerable to prompt injection. While CaMeL has not yet been tested broadly, its potential represents a significant advancement toward secure-by-design AI systems, establishing a new architectural standard for mitigating prompt injection vulnerabilities. That’s it for this week — hope you enjoyed!
Jordan_Zebor
Apr 30, 2025 Place Security Insights
212Views
2likes
0Comments
CrowdStrike Struck, PHP CVEs, Race to Exploitation Mountain and KEVs

AaronJB
Apr 30, 2025 Place Security Insights
359Views
5likes
2Comments
Cybersecurity Awareness Month, Pokémon and Oracle's CPU

Lior_Rotkovitch
Apr 29, 2025 Place Security Insights
172Views
2likes
1Comment
VulnCon 2025, EU CRA, CVE funding, Smishing Kit
Notable security news for the week of April 13th through April 20th. Your editor this week is Chris from the F5 Security Incident Response Team. A bit of a different format this week as I was in Raleigh for VulnCon 2025 the previous week. I will discuss highlights from that as well as notable events from the past week. VulnCon 2025 The 2025 Vulnerability Management Ecosystem Collaboration, Ideation, and Action Conference (aka “VulnCon”), which was sponsored by FIRST and the CVE Program, was held from April 7th through April 10th this year. The aim of this conference is to promote collaboration between various vulnerability management and cybersecurity professionals to better help the whole cybersecurity ecosystem. Key topics that were highlighted this year were the EU's Cyber Resilience Act (CRA), Vulnerability Exploitability eXchange (VEX), Cybersecurity Assurance Framework (CSAF), and publishing more complete CVE records or Vulnrichment. I will discuss the CRA in the next paragraph. VEX facilitates the exchange of vulnerability information, fostering collaboration to swiftly address emerging threats. Concurrently, CSAF ensures a standardized approach to cybersecurity practices. One of the pushes that was discussed was to get security scanners to start ingesting VEX to help decrease the amount of false positives and focus more on vulnerabilities that are exploitable. As for Vulnrichment, it is alarming that a large number of CVEs that are disclosed every year do not include Common Weakness Enumerations (CWE) or Common Vulnerability Scoring System (CVSS) scores. I agree that adding this information at a minimum would be very beneficial to both the consumers as well as the vendor. The vendor is in the best position to assign these in a more accurate manner since they are most familiar with the products. https://www.first.org/conference/vulncon2025/ https://openssf.org/blog/2023/09/07/vdr-vex-openvex-and-csaf/ EU Cyber Resilience Act (CRA) The Cyber Resilience Act introduces mandatory cybersecurity requirements for hardware and software products, throughout their whole lifecycle. The main goals of this act are to ensure that products with digital elements placed on the EU market have fewer vulnerabilities that Manufacturers remain responsible for cybersecurity throughout a product’s life cycle, improve transparency on security of hardware and software products and bring benefits to business users and consumers from better protection. Products will bear the CE marking as is common with many other products sold, which means they have been assessed to meet high safety, health, and environmental protection requirements. The three main roles that are laid out are: Manufacturers: If you develop or manufacture products with "digital elements" for sale in the EU. Open-Source Software (OSS) Stewards: Entity other than a manufacturer that provides support on a sustained basis for the development of specific products with digital elements, qualifying as free and open-source software and intended for commercial activities, and that ensures the viability of those products. Examples of this would be the Linux Foundation, Apache Foundation, etc.... OSS Developers: Upstream maintainer or developer of open-source software that is used by the manufacturer. The key point to note in this distinction of these three roles is that if there is a vulnerability exploited in open-source software, the manufacturer is the one held liable. The OSS Steward and the OSS Developers are not being held liable. This makes it a good idea to develop working relationships with the OSS upstream developers for when emergencies do arise. Now to focus on the manufacturer requirements. I will not touch all of them as the CRA is a large document but will point out some of the key topics. Secure-By-Default and Secure-By-Design principles will now be a requirement and not just a pledge. Products with digital elements shall be delivered without any known exploitable vulnerabilities. Manufacturers will need to provide evidence that the product was checked before release. A risk assessment will need to be provided with the product and the contents of that assessment are laid out in Annex I of the document. Manufactures must be able to provide SBOMS in either SPDX or CycloneDX format at the request of authorities. Manufacturers must , address and remediate vulnerabilities without delay, which includes providing security updates. Manufacturers must provide support for a minimum of 5 years, including security updates and that each security update remains available after it has been issued for a minimum of 10 years or for the remainder of the support period, whichever is longer. There are also reporting requirements. Highlight a couple of them; they pertain to actively exploited vulnerabilities and severe incidents having an impact on the security of the product. An early warning notification of an actively exploited vulnerability or severe incident, without undue delay and in any event within 24 hours of the manufacturer becoming aware of it. Then "an incident notification, without undue delay and in any event within 72 hours of the manufacturer becoming aware of the incident, which shall provide general information, where available, about the nature of the incident, an initial assessment of the incident, as well as any corrective or mitigating measures taken, and corrective or mitigating measures that users can take, and which shall also indicate, where applicable, how sensitive the manufacturer considers the notified information to be". That was taken from the document and you can see how thorough they are being when detailing what to report. The final report will need to be submitted by 14 days for active exploits and one month for severe incidents. Then to explain where to report: "The notification shall be submitted using the electronic notification end-point of the CSIRT designated as coordinator of the Member State where the manufacturers have their main establishment in the Union and shall be simultaneously accessible to ENISA". This means that the manufacturer will need to choose one of the European country's CSIRT teams to be the point of contact. As for the consequences of non-compliance, the EU is not playing around with that either: Non-compliance with the essential cybersecurity requirements set out in Annex I and the obligations set out in Articles 13 and 14 shall be subject to administrative fines of up to EUR 15,000,000 or, if the offender is an undertaking, up to 2.5% of its total worldwide annual turnover for the preceding financial year, whichever is higher. Non-compliance with the obligations set out in Articles 18 to 23, Article 28, Article 30(1) to (4), Article 31(1) to (4), Article 32(1), (2) and (3), Article 33(5), and Articles 39, 41, 47, 49 and 53 shall be subject to administrative fines of up to EUR 10,000,000 or, if the offender is an undertaking, up to 2% of its total worldwide annual turnover for the preceding financial year, whichever is higher. The supply of incorrect, incomplete or misleading information to notified bodies and market surveillance authorities in reply to a request shall be subject to administrative fines of up to EUR 5,000,000 or, if the offender is an undertaking, up to 1% of its total worldwide annual turnover for the preceding financial year, whichever is higher. To explain those bullet points more simply, everything I mentioned above about manufacturer requirements and reporting all fall under Annex I or Articles 13 and 14 so would be subject to the most severe penalties per incident. As for the timelines of this act, the CRA was officially adopted on October 10, 2024, and entered into force on December 10, 2024. However, the CRA's main obligations will apply starting from December 11, 2027. Some earlier obligations will apply, such as the reporting of vulnerabilities and severe incidents, starting from September 11, 2026. Additionally, the rules on conformity assessment bodies will be applicable from June 11, 2026. https://digital-strategy.ec.europa.eu/en/policies/cyber-resilience-act https://github.com/SecurityCRob/presentations/blob/main/CRA%20PSIRT%20TL_DR.pdf CVE Program Funding The Common Vulnerabilities and Exposures (CVE) program, managed by MITRE, was facing funding expiration on April 16, 2025. The program is essential for identifying and tracking security vulnerabilities in software and hardware. Without funding, the CVE program would stop adding new vulnerabilities, which could lead to significant impacts on national vulnerability databases, cybersecurity tools, incident response operations, and critical infrastructure. MITRE's Vice President Yosry Barsoum expressed hope that the government is making efforts to continue supporting the program. Luckily, the Department of Homeland Security's (DHS) Cybersecurity & Infrastructure Security Agency (CISA) was able to secure funding at the last moment, to fund the program for 11 more months. This is despite ongoing budget and staffing cuts to CISA by the current administration. The cybersecurity community has expressed concern over the potential loss of the CVE program, emphasizing its importance in standardizing vulnerability information and aiding in the timely patching of security flaws. On April 16, MITRE announced the creation of a non-profit entity called "The CVE Foundation" to continue the program's work under a new funding mechanism. https://krebsonsecurity.com/2025/04/funding-expires-for-key-cyber-vulnerability-database/ The CVE Foundation The CVE Foundation was launched to secure the future of the CVE Program. The CVE Foundation was formally established on April 16, 2025, to ensure the long-term viability, stability, and independence of the Common Vulnerabilities and Exposures (CVE) Program. The CVE Program has been a U.S. government-funded initiative for 25 years, raising concerns about sustainability and neutrality due to its reliance on a single government sponsor. MITRE notified the CVE Board on April 15, 2025, that the U.S. government would not renew its contract for managing the program. In response, a coalition of CVE Board members developed a strategy to transition CVE to a dedicated, non-profit foundation to continue delivering high-quality vulnerability identification. CVE identifiers and data are crucial for cybersecurity professionals worldwide, aiding in security tools, advisories, threat intelligence, and response. Going forward, the CVE Foundation aims to eliminate a single point of failure in the vulnerability management ecosystem and ensure the CVE Program remains globally trusted and community-driven. https://www.thecvefoundation.org/home Pay Your Tolls!! About 3 and a half years ago, I was driving into Denver on Interstate 70 coming from the East. I had no need to drive through Denver as I was heading north through Wyoming anyway. Well, a few miles before the city there was an offramp for E-470, a toll highway that would bypass Denver and connect to I-25 a few miles north of the city. I had never used a toll highway before since I live in Eastern Washington where they are unheard of. I was picturing a scene out of a movie where you pull up to a booth and pay an attendant. I was surprised as I merged onto the highway and everyone was driving at 60+ MPH. I saw a sign that stated the system used E-ZPass and would scan the license plate. Fast forward a few months and I receive a bill in the mail from E-ZPass, a pretty nice way to bypass driving through the middle of a large city, I thought. Now, unfortunately, a smishing campaign is targeting that same system to trick victims into giving them their payment information. Since mid-October 2024, multiple financially motivated threat actors have been using a smishing kit developed by "Wang Duo Yu" to target toll road users in eight U.S. states. The campaign impersonates U.S. electronic toll collection systems like E-ZPass, sending SMS messages and Apple iMessages about unpaid tolls, urging recipients to click on fake links. Victims are prompted to solve a fake CAPTCHA challenge and enter personal and financial information on fraudulent pages, which is then siphoned off to the threat actors. Wang Duo Yu, a computer science student in China, is alleged to be the creator of the phishing kits used by the Smishing Triad, a Chinese organized cybercrime group. The Smishing Triad has conducted large-scale smishing attacks targeting postal services in 121 countries, using failed package delivery lures to harvest personal and financial information. Services like Oak Tel facilitate smishing on a global scale, allowing cybercriminals to send bulk SMS and manage campaigns efficiently. I have personally received 2 or 3 of these over the past few months. Luckily, I know the one time I drove on a toll road, so it was obvious to me that this was fake. I worry about people that are using these systems more regularly that may fall victim. https://thehackernews.com/2025/04/chinese-smishing-kit-behind-widespread.html
Christopher_Pa1
Apr 23, 2025 Place Security Insights
169Views
2likes
0Comments

"}},"componentScriptGroups({\"componentId\":\"custom.widget.Beta_MetaNav\"})":{"__typename":"ComponentScriptGroups","scriptGroups":{"__typename":"ComponentScriptGroupsDefinition","afterInteractive":{"__typename":"PageScriptGroupDefinition","group":"AFTER_INTERACTIVE","scriptIds":[]},"lazyOnLoad":{"__typename":"PageScriptGroupDefinition","group":"LAZY_ON_LOAD","scriptIds":[]}},"componentScripts":[]},"component({\"componentId\":\"custom.widget.Beta_Footer\"})":{"__typename":"Component","render({\"context\":{\"component\":{\"entities\":[],\"props\":{}},\"page\":{\"entities\":[],\"name\":\"TagPage\",\"props\":{},\"url\":\"https://community.f5.com/tag/TWIS\"}}})":{"__typename":"ComponentRenderResult","html":"

Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information

"}},"componentScriptGroups({\"componentId\":\"custom.widget.Beta_Footer\"})":{"__typename":"ComponentScriptGroups","scriptGroups":{"__typename":"ComponentScriptGroupsDefinition","afterInteractive":{"__typename":"PageScriptGroupDefinition","group":"AFTER_INTERACTIVE","scriptIds":[]},"lazyOnLoad":{"__typename":"PageScriptGroupDefinition","group":"LAZY_ON_LOAD","scriptIds":[]}},"componentScripts":[]},"component({\"componentId\":\"custom.widget.Tag_Manager_Helper\"})":{"__typename":"Component","render({\"context\":{\"component\":{\"entities\":[],\"props\":{}},\"page\":{\"entities\":[],\"name\":\"TagPage\",\"props\":{},\"url\":\"https://community.f5.com/tag/TWIS\"}}})":{"__typename":"ComponentRenderResult","html":" "}},"componentScriptGroups({\"componentId\":\"custom.widget.Tag_Manager_Helper\"})":{"__typename":"ComponentScriptGroups","scriptGroups":{"__typename":"ComponentScriptGroupsDefinition","afterInteractive":{"__typename":"PageScriptGroupDefinition","group":"AFTER_INTERACTIVE","scriptIds":[]},"lazyOnLoad":{"__typename":"PageScriptGroupDefinition","group":"LAZY_ON_LOAD","scriptIds":[]}},"componentScripts":[]},"component({\"componentId\":\"custom.widget.Consent_Blackbar\"})":{"__typename":"Component","render({\"context\":{\"component\":{\"entities\":[],\"props\":{}},\"page\":{\"entities\":[],\"name\":\"TagPage\",\"props\":{},\"url\":\"https://community.f5.com/tag/TWIS\"}}})":{"__typename":"ComponentRenderResult","html":"

"}},"componentScriptGroups({\"componentId\":\"custom.widget.Consent_Blackbar\"})":{"__typename":"ComponentScriptGroups","scriptGroups":{"__typename":"ComponentScriptGroupsDefinition","afterInteractive":{"__typename":"PageScriptGroupDefinition","group":"AFTER_INTERACTIVE","scriptIds":[]},"lazyOnLoad":{"__typename":"PageScriptGroupDefinition","group":"LAZY_ON_LOAD","scriptIds":[]}},"componentScripts":[]},"cachedText({\"lastModified\":\"1749755793086\",\"locale\":\"en-US\",\"namespaces\":[\"components/community/NavbarDropdownToggle\"]})":[{"__ref":"CachedAsset:text:en_US-components/community/NavbarDropdownToggle-1749755793086"}],"cachedText({\"lastModified\":\"1749755793086\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageListTabs\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageListTabs-1749755793086"}],"cachedText({\"lastModified\":\"1749755793086\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageView/MessageViewInline\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageView/MessageViewInline-1749755793086"}],"cachedText({\"lastModified\":\"1749755793086\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/common/Pager/PagerLoadMore\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/common/Pager/PagerLoadMore-1749755793086"}],"cachedText({\"lastModified\":\"1749755793086\",\"locale\":\"en-US\",\"namespaces\":[\"components/customComponent/CustomComponent\"]})":[{"__ref":"CachedAsset:text:en_US-components/customComponent/CustomComponent-1749755793086"}],"cachedText({\"lastModified\":\"1749755793086\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/common/OverflowNav\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/common/OverflowNav-1749755793086"}],"cachedText({\"lastModified\":\"1749755793086\",\"locale\":\"en-US\",\"namespaces\":[\"components/users/UserLink\"]})":[{"__ref":"CachedAsset:text:en_US-components/users/UserLink-1749755793086"}],"cachedText({\"lastModified\":\"1749755793086\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageSubject\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageSubject-1749755793086"}],"cachedText({\"lastModified\":\"1749755793086\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageTime\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageTime-1749755793086"}],"cachedText({\"lastModified\":\"1749755793086\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/nodes/NodeIcon\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/nodes/NodeIcon-1749755793086"}],"cachedText({\"lastModified\":\"1749755793086\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageUnreadCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageUnreadCount-1749755793086"}],"cachedText({\"lastModified\":\"1749755793086\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageViewCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageViewCount-1749755793086"}],"cachedText({\"lastModified\":\"1749755793086\",\"locale\":\"en-US\",\"namespaces\":[\"components/kudos/KudosCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/kudos/KudosCount-1749755793086"}],"cachedText({\"lastModified\":\"1749755793086\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageRepliesCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageRepliesCount-1749755793086"}],"cachedText({\"lastModified\":\"1749755793086\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageBody\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageBody-1749755793086"}],"cachedText({\"lastModified\":\"1749755793086\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/users/UserAvatar\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/users/UserAvatar-1749755793086"}]},"Theme:customTheme1":{"__typename":"Theme","id":"customTheme1"},"User:user:-1":{"__typename":"User","id":"user:-1","entityType":"USER","eventPath":"community:zihoc95639/user:-1","uid":-1,"login":"Former Member","email":"","avatar":null,"rank":null,"kudosWeight":1,"registrationData":{"__typename":"RegistrationData","status":"ANONYMOUS","registrationTime":null,"confirmEmailStatus":false,"registrationAccessLevel":"VIEW","ssoRegistrationFields":[]},"ssoId":null,"profileSettings":{"__typename":"ProfileSettings","dateDisplayStyle":{"__typename":"InheritableStringSettingWithPossibleValues","key":"layout.friendly_dates_enabled","value":"false","localValue":"true","possibleValues":["true","false"]},"dateDisplayFormat":{"__typename":"InheritableStringSetting","key":"layout.format_pattern_date","value":"dd-MMM-yyyy","localValue":"MM-dd-yyyy"},"language":{"__typename":"InheritableStringSettingWithPossibleValues","key":"profile.language","value":"en-US","localValue":null,"possibleValues":["en-US","en-GB","fr-FR","de-DE","pt-PT","pt-BR","es-ES"]},"repliesSortOrder":{"__typename":"InheritableStringSettingWithPossibleValues","key":"config.user_replies_sort_order","value":"DEFAULT","localValue":"DEFAULT","possibleValues":["DEFAULT","LIKES","PUBLISH_TIME","REVERSE_PUBLISH_TIME"]}},"deleted":false},"CachedAsset:pages-1749756359751":{"__typename":"CachedAsset","id":"pages-1749756359751","value":[{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"HowDoI.GetInvolved.MvpProgram","type":"COMMUNITY","urlPath":"/c/how-do-i/get-involved/mvp-program","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"BlogViewAllPostsPage","type":"BLOG","urlPath":"/category/:categoryId/blog/:boardId/all-posts/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"CasePortalPage","type":"CASE_PORTAL","urlPath":"/caseportal","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"CreateGroupHubPage","type":"GROUP_HUB","urlPath":"/groups/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"CaseViewPage","type":"CASE_DETAILS","urlPath":"/case/:caseId/:caseNumber","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"InboxPage","type":"COMMUNITY","urlPath":"/inbox","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"HowDoI.GetInvolved.AdvocacyProgram","type":"COMMUNITY","urlPath":"/c/how-do-i/get-involved/advocacy-program","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"HowDoI.GetHelp.NonCustomer","type":"COMMUNITY","urlPath":"/c/how-do-i/get-help/non-customer","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"HelpFAQPage","type":"COMMUNITY","urlPath":"/help","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"HowDoI.GetHelp.F5Customer","type":"COMMUNITY","urlPath":"/c/how-do-i/get-help/f5-customer","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"IdeaMessagePage","type":"IDEA_POST","urlPath":"/idea/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"IdeaViewAllIdeasPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId/all-ideas/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"LoginPage","type":"USER","urlPath":"/signin","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"WorkstreamsPage","type":"COMMUNITY","urlPath":"/workstreams","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"BlogPostPage","type":"BLOG","urlPath":"/category/:categoryId/blogs/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"HowDoI.GetInvolved","type":"COMMUNITY","urlPath":"/c/how-do-i/get-involved","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"HowDoI.Learn","type":"COMMUNITY","urlPath":"/c/how-do-i/learn","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1739501996000,"localOverride":null,"page":{"id":"Test","type":"CUSTOM","urlPath":"/custom-test-2","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"ThemeEditorPage","type":"COMMUNITY","urlPath":"/designer/themes","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"TkbViewAllArticlesPage","type":"TKB","urlPath":"/category/:categoryId/kb/:boardId/all-articles/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"OccasionEditPage","type":"EVENT","urlPath":"/event/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"OAuthAuthorizationAllowPage","type":"USER","urlPath":"/auth/authorize/allow","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"PageEditorPage","type":"COMMUNITY","urlPath":"/designer/pages","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"PostPage","type":"COMMUNITY","urlPath":"/category/:categoryId/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"ForumBoardPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"TkbBoardPage","type":"TKB","urlPath":"/category/:categoryId/kb/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"EventPostPage","type":"EVENT","urlPath":"/category/:categoryId/events/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"UserBadgesPage","type":"COMMUNITY","urlPath":"/users/:login/:userId/badges","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"GroupHubMembershipAction","type":"GROUP_HUB","urlPath":"/membership/join/:nodeId/:membershipType","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"MaintenancePage","type":"COMMUNITY","urlPath":"/maintenance","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"IdeaReplyPage","type":"IDEA_REPLY","urlPath":"/idea/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"UserSettingsPage","type":"USER","urlPath":"/mysettings/:userSettingsTab","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"GroupHubsPage","type":"GROUP_HUB","urlPath":"/groups","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"ForumPostPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"OccasionRsvpActionPage","type":"OCCASION","urlPath":"/event/:boardId/:messageSubject/:messageId/rsvp/:responseType","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"VerifyUserEmailPage","type":"USER","urlPath":"/verifyemail/:userId/:verifyEmailToken","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"AllOccasionsPage","type":"OCCASION","urlPath":"/category/:categoryId/events/:boardId/all-events/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"EventBoardPage","type":"EVENT","urlPath":"/category/:categoryId/events/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"TkbReplyPage","type":"TKB_REPLY","urlPath":"/kb/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"IdeaBoardPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"CommunityGuideLinesPage","type":"COMMUNITY","urlPath":"/communityguidelines","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"CaseCreatePage","type":"SALESFORCE_CASE_CREATION","urlPath":"/caseportal/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"TkbEditPage","type":"TKB","urlPath":"/kb/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"ForgotPasswordPage","type":"USER","urlPath":"/forgotpassword","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"IdeaEditPage","type":"IDEA","urlPath":"/idea/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"TagPage","type":"COMMUNITY","urlPath":"/tag/:tagName","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"BlogBoardPage","type":"BLOG","urlPath":"/category/:categoryId/blog/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"OccasionMessagePage","type":"OCCASION_TOPIC","urlPath":"/event/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"ManageContentPage","type":"COMMUNITY","urlPath":"/managecontent","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"ClosedMembershipNodeNonMembersPage","type":"GROUP_HUB","urlPath":"/closedgroup/:groupHubId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"HowDoI.GetHelp.Community","type":"COMMUNITY","urlPath":"/c/how-do-i/get-help/community","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"CommunityPage","type":"COMMUNITY","urlPath":"/","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"HowDoI.GetInvolved.ContributeCode","type":"COMMUNITY","urlPath":"/c/how-do-i/get-involved/contribute-code","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"ForumMessagePage","type":"FORUM_TOPIC","urlPath":"/discussions/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"IdeaPostPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"BlogMessagePage","type":"BLOG_ARTICLE","urlPath":"/blog/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"RegistrationPage","type":"USER","urlPath":"/register","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"EditGroupHubPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"ForumEditPage","type":"FORUM","urlPath":"/discussions/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"ResetPasswordPage","type":"USER","urlPath":"/resetpassword/:userId/:resetPasswordToken","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"TkbMessagePage","type":"TKB_ARTICLE","urlPath":"/kb/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"HowDoI.Learn.AboutIrules","type":"COMMUNITY","urlPath":"/c/how-do-i/learn/about-irules","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"BlogEditPage","type":"BLOG","urlPath":"/blog/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"HowDoI.GetHelp.F5Support","type":"COMMUNITY","urlPath":"/c/how-do-i/get-help/f5-support","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"ManageUsersPage","type":"USER","urlPath":"/users/manage/:tab?/:manageUsersTab?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"ForumReplyPage","type":"FORUM_REPLY","urlPath":"/discussions/:boardId/:messageSubject/:messageId/replies/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"PrivacyPolicyPage","type":"COMMUNITY","urlPath":"/privacypolicy","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"NotificationPage","type":"COMMUNITY","urlPath":"/notifications","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"UserPage","type":"USER","urlPath":"/users/:login/:userId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"HealthCheckPage","type":"COMMUNITY","urlPath":"/health","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"OccasionReplyPage","type":"OCCASION_REPLY","urlPath":"/event/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"ManageMembersPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/manage/:tab?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"SearchResultsPage","type":"COMMUNITY","urlPath":"/search","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"BlogReplyPage","type":"BLOG_REPLY","urlPath":"/blog/:boardId/:messageSubject/:messageId/replies/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"GroupHubPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"TermsOfServicePage","type":"COMMUNITY","urlPath":"/termsofservice","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"HowDoI.GetHelp","type":"COMMUNITY","urlPath":"/c/how-do-i/get-help","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"HowDoI.GetHelp.SecurityIncident","type":"COMMUNITY","urlPath":"/c/how-do-i/get-help/security-incident","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"CategoryPage","type":"CATEGORY","urlPath":"/category/:categoryId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"ForumViewAllTopicsPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId/all-topics/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"TkbPostPage","type":"TKB","urlPath":"/category/:categoryId/kbs/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"GroupHubPostPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1749756359751,"localOverride":null,"page":{"id":"HowDoI","type":"COMMUNITY","urlPath":"/c/how-do-i","__typename":"PageDescriptor"},"__typename":"PageResource"}],"localOverride":false},"CachedAsset:text:en_US-components/context/AppContext/AppContextProvider-0":{"__typename":"CachedAsset","id":"text:en_US-components/context/AppContext/AppContextProvider-0","value":{"noCommunity":"Cannot find community","noUser":"Cannot find current user","noNode":"Cannot find node with id {nodeId}","noMessage":"Cannot find message with id {messageId}","userBanned":"We're sorry, but you have been banned from using this site.","userBannedReason":"You have been banned for the following reason: {reason}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Loading/LoadingDot-0":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Loading/LoadingDot-0","value":{"title":"Loading..."},"localOverride":false},"CachedAsset:theme:customTheme1-1749755793993":{"__typename":"CachedAsset","id":"theme:customTheme1-1749755793993","value":{"id":"customTheme1","animation":{"fast":"150ms","normal":"250ms","slow":"500ms","slowest":"750ms","function":"cubic-bezier(0.07, 0.91, 0.51, 1)","__typename":"AnimationThemeSettings"},"avatar":{"borderRadius":"50%","collections":["custom"],"__typename":"AvatarThemeSettings"},"basics":{"browserIcon":{"imageAssetName":"android-chrome-512x512-1748534255255.png","imageLastModified":"1748534256856","__typename":"ThemeAsset"},"customerLogo":{"imageAssetName":"devcentral-type-lockup-1748534239063.svg","imageLastModified":"1748534240836","__typename":"ThemeAsset"},"maximumWidthOfPageContent":"fluid","oneColumnNarrowWidth":"800px","gridGutterWidthMd":"30px","gridGutterWidthXs":"10px","pageWidthStyle":"WIDTH_OF_PAGE_CONTENT","__typename":"BasicsThemeSettings"},"buttons":{"borderRadiusSm":"5px","borderRadius":"5px","borderRadiusLg":"5px","paddingY":"5px","paddingYLg":"7px","paddingYHero":"var(--lia-bs-btn-padding-y-lg)","paddingX":"12px","paddingXLg":"14px","paddingXHero":"42px","fontStyle":"NORMAL","fontWeight":"500","textTransform":"NONE","disabledOpacity":0.5,"primaryTextColor":"var(--lia-bs-white)","primaryTextHoverColor":"var(--lia-bs-white)","primaryTextActiveColor":"var(--lia-bs-white)","primaryBgColor":"var(--lia-bs-primary)","primaryBgHoverColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) * 0.85))","primaryBgActiveColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) * 0.7))","primaryBorder":"1px solid transparent","primaryBorderHover":"1px solid transparent","primaryBorderActive":"1px solid transparent","primaryBorderFocus":"1px solid var(--lia-bs-white)","primaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","secondaryTextColor":"var(--lia-bs-gray-900)","secondaryTextHoverColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.95))","secondaryTextActiveColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.9))","secondaryBgColor":"var(--lia-bs-gray-400)","secondaryBgHoverColor":"hsl(var(--lia-bs-gray-400-h), var(--lia-bs-gray-400-s), calc(var(--lia-bs-gray-400-l) * 0.96))","secondaryBgActiveColor":"hsl(var(--lia-bs-gray-400-h), var(--lia-bs-gray-400-s), calc(var(--lia-bs-gray-400-l) * 0.92))","secondaryBorder":"1px solid transparent","secondaryBorderHover":"1px solid transparent","secondaryBorderActive":"1px solid transparent","secondaryBorderFocus":"1px solid transparent","secondaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","tertiaryTextColor":"var(--lia-bs-gray-900)","tertiaryTextHoverColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.95))","tertiaryTextActiveColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.9))","tertiaryBgColor":"transparent","tertiaryBgHoverColor":"transparent","tertiaryBgActiveColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.04)","tertiaryBorder":"1px solid transparent","tertiaryBorderHover":"1px solid hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","tertiaryBorderActive":"1px solid transparent","tertiaryBorderFocus":"1px solid transparent","tertiaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","destructiveTextColor":"var(--lia-bs-danger)","destructiveTextHoverColor":"hsl(var(--lia-bs-danger-h), var(--lia-bs-danger-s), calc(var(--lia-bs-danger-l) * 0.95))","destructiveTextActiveColor":"hsl(var(--lia-bs-danger-h), var(--lia-bs-danger-s), calc(var(--lia-bs-danger-l) * 0.9))","destructiveBgColor":"var(--lia-bs-gray-300)","destructiveBgHoverColor":"hsl(var(--lia-bs-gray-300-h), var(--lia-bs-gray-300-s), calc(var(--lia-bs-gray-300-l) * 0.96))","destructiveBgActiveColor":"hsl(var(--lia-bs-gray-300-h), var(--lia-bs-gray-300-s), calc(var(--lia-bs-gray-300-l) * 0.92))","destructiveBorder":"1px solid transparent","destructiveBorderHover":"1px solid transparent","destructiveBorderActive":"1px solid transparent","destructiveBorderFocus":"1px solid transparent","destructiveBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","__typename":"ButtonsThemeSettings"},"border":{"color":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","mainContent":"NONE","sideContent":"NONE","radiusSm":"3px","radius":"5px","radiusLg":"9px","radius50":"100vw","__typename":"BorderThemeSettings"},"boxShadow":{"xs":"0 0 0 1px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.08), 0 3px 0 -1px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.08)","sm":"0 2px 4px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.06)","md":"0 5px 15px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.15)","lg":"0 10px 30px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.15)","__typename":"BoxShadowThemeSettings"},"cards":{"bgColor":"var(--lia-panel-bg-color)","borderRadius":"var(--lia-panel-border-radius)","boxShadow":"var(--lia-box-shadow-xs)","__typename":"CardsThemeSettings"},"chip":{"maxWidth":"300px","height":"30px","__typename":"ChipThemeSettings"},"coreTypes":{"defaultMessageLinkColor":"var(--lia-bs-primary)","defaultMessageLinkDecoration":"none","defaultMessageLinkFontStyle":"NORMAL","defaultMessageLinkFontWeight":"500","defaultMessageFontStyle":"NORMAL","defaultMessageFontWeight":"400","defaultMessageFontFamily":"var(--lia-bs-font-family-base)","forumColor":"#0C5C8D","forumFontFamily":"var(--lia-bs-font-family-base)","forumFontWeight":"var(--lia-default-message-font-weight)","forumLineHeight":"var(--lia-bs-line-height-base)","forumFontStyle":"var(--lia-default-message-font-style)","forumMessageLinkColor":"var(--lia-default-message-link-color)","forumMessageLinkDecoration":"var(--lia-default-message-link-decoration)","forumMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","forumMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","forumSolvedColor":"#62C026","blogColor":"#730015","blogFontFamily":"var(--lia-bs-font-family-base)","blogFontWeight":"var(--lia-default-message-font-weight)","blogLineHeight":"1.75","blogFontStyle":"var(--lia-default-message-font-style)","blogMessageLinkColor":"var(--lia-default-message-link-color)","blogMessageLinkDecoration":"var(--lia-default-message-link-decoration)","blogMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","blogMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","tkbColor":"#C20025","tkbFontFamily":"var(--lia-bs-font-family-base)","tkbFontWeight":"var(--lia-default-message-font-weight)","tkbLineHeight":"1.75","tkbFontStyle":"var(--lia-default-message-font-style)","tkbMessageLinkColor":"var(--lia-default-message-link-color)","tkbMessageLinkDecoration":"var(--lia-default-message-link-decoration)","tkbMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","tkbMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","qandaColor":"#4099E2","qandaFontFamily":"var(--lia-bs-font-family-base)","qandaFontWeight":"var(--lia-default-message-font-weight)","qandaLineHeight":"var(--lia-bs-line-height-base)","qandaFontStyle":"var(--lia-default-message-link-font-style)","qandaMessageLinkColor":"var(--lia-default-message-link-color)","qandaMessageLinkDecoration":"var(--lia-default-message-link-decoration)","qandaMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","qandaMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","qandaSolvedColor":"#3FA023","ideaColor":"#F3704B","ideaFontFamily":"var(--lia-bs-font-family-base)","ideaFontWeight":"var(--lia-default-message-font-weight)","ideaLineHeight":"var(--lia-bs-line-height-base)","ideaFontStyle":"var(--lia-default-message-font-style)","ideaMessageLinkColor":"var(--lia-default-message-link-color)","ideaMessageLinkDecoration":"var(--lia-default-message-link-decoration)","ideaMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","ideaMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","contestColor":"#FCC845","contestFontFamily":"var(--lia-bs-font-family-base)","contestFontWeight":"var(--lia-default-message-font-weight)","contestLineHeight":"var(--lia-bs-line-height-base)","contestFontStyle":"var(--lia-default-message-link-font-style)","contestMessageLinkColor":"var(--lia-default-message-link-color)","contestMessageLinkDecoration":"var(--lia-default-message-link-decoration)","contestMessageLinkFontStyle":"ITALIC","contestMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","occasionColor":"#EE4B5B","occasionFontFamily":"var(--lia-bs-font-family-base)","occasionFontWeight":"var(--lia-default-message-font-weight)","occasionLineHeight":"var(--lia-bs-line-height-base)","occasionFontStyle":"var(--lia-default-message-font-style)","occasionMessageLinkColor":"var(--lia-default-message-link-color)","occasionMessageLinkDecoration":"var(--lia-default-message-link-decoration)","occasionMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","occasionMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","grouphubColor":"#491B62","categoryColor":"#949494","communityColor":"#FFFFFF","productColor":"#949494","__typename":"CoreTypesThemeSettings"},"colors":{"black":"#000000","white":"#FFFFFF","gray100":"#F7F7F7","gray200":"#F7F7F7","gray300":"#E8E8E8","gray400":"#D9D9D9","gray500":"#CCCCCC","gray600":"#949494","gray700":"#707070","gray800":"#545454","gray900":"#333333","dark":"#545454","light":"#F7F7F7","primary":"#0C5C8D","secondary":"#333333","bodyText":"#222222","bodyBg":"#F5F5F5","info":"#1D9CD3","success":"#62C026","warning":"#FFD651","danger":"#C20025","alertSystem":"#FF6600","textMuted":"#707070","highlight":"#FFFCAD","outline":"var(--lia-bs-primary)","custom":["#C20025","#081B85","#009639","#B3C6D7","#7CC0EB","#F29A36","#B2D7EB","#66AFD7","#007ABC","#343434"],"__typename":"ColorsThemeSettings"},"divider":{"size":"3px","marginLeft":"4px","marginRight":"4px","borderRadius":"50%","bgColor":"var(--lia-bs-gray-600)","bgColorActive":"var(--lia-bs-gray-600)","__typename":"DividerThemeSettings"},"dropdown":{"fontSize":"var(--lia-bs-font-size-sm)","borderColor":"var(--lia-bs-border-color)","borderRadius":"var(--lia-bs-border-radius-sm)","dividerBg":"var(--lia-bs-gray-300)","itemPaddingY":"5px","itemPaddingX":"20px","headerColor":"var(--lia-bs-gray-700)","__typename":"DropdownThemeSettings"},"email":{"link":{"color":"#0069D4","hoverColor":"#0061c2","decoration":"none","hoverDecoration":"underline","__typename":"EmailLinkSettings"},"border":{"color":"#e4e4e4","__typename":"EmailBorderSettings"},"buttons":{"borderRadiusLg":"5px","paddingXLg":"16px","paddingYLg":"7px","fontWeight":"700","primaryTextColor":"#ffffff","primaryTextHoverColor":"#ffffff","primaryBgColor":"#0069D4","primaryBgHoverColor":"#005cb8","primaryBorder":"1px solid transparent","primaryBorderHover":"1px solid transparent","__typename":"EmailButtonsSettings"},"panel":{"borderRadius":"5px","borderColor":"#e4e4e4","__typename":"EmailPanelSettings"},"__typename":"EmailThemeSettings"},"emoji":{"skinToneDefault":"#ffcd43","skinToneLight":"#fae3c5","skinToneMediumLight":"#e2cfa5","skinToneMedium":"#daa478","skinToneMediumDark":"#a78058","skinToneDark":"#5e4d43","__typename":"EmojiThemeSettings"},"heading":{"color":"var(--lia-bs-body-color)","fontFamily":"Neusa Next Pro Wide Bold","fontStyle":"NORMAL","fontWeight":"700","h1FontSize":"30px","h2FontSize":"25px","h3FontSize":"20px","h4FontSize":"18px","h5FontSize":"16px","h6FontSize":"16px","lineHeight":"1.1","subHeaderFontSize":"11px","subHeaderFontWeight":"500","h1LetterSpacing":"normal","h2LetterSpacing":"normal","h3LetterSpacing":"normal","h4LetterSpacing":"normal","h5LetterSpacing":"normal","h6LetterSpacing":"normal","subHeaderLetterSpacing":"2px","h1FontWeight":"var(--lia-bs-headings-font-weight)","h2FontWeight":"var(--lia-bs-headings-font-weight)","h3FontWeight":"var(--lia-bs-headings-font-weight)","h4FontWeight":"var(--lia-bs-headings-font-weight)","h5FontWeight":"var(--lia-bs-headings-font-weight)","h6FontWeight":"var(--lia-bs-headings-font-weight)","__typename":"HeadingThemeSettings"},"icons":{"size10":"10px","size12":"12px","size14":"14px","size16":"16px","size20":"20px","size24":"24px","size30":"30px","size40":"40px","size50":"50px","size60":"60px","size80":"80px","size120":"120px","size160":"160px","__typename":"IconsThemeSettings"},"imagePreview":{"bgColor":"var(--lia-bs-gray-900)","titleColor":"var(--lia-bs-white)","controlColor":"var(--lia-bs-white)","controlBgColor":"var(--lia-bs-gray-800)","__typename":"ImagePreviewThemeSettings"},"input":{"borderColor":"var(--lia-bs-gray-600)","disabledColor":"var(--lia-bs-gray-600)","focusBorderColor":"var(--lia-bs-primary)","labelMarginBottom":"10px","btnFontSize":"var(--lia-bs-font-size-sm)","focusBoxShadow":"0 0 0 3px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","checkLabelMarginBottom":"2px","checkboxBorderRadius":"3px","borderRadiusSm":"var(--lia-bs-border-radius-sm)","borderRadius":"var(--lia-bs-border-radius)","borderRadiusLg":"var(--lia-bs-border-radius-lg)","formTextMarginTop":"4px","textAreaBorderRadius":"var(--lia-bs-border-radius)","activeFillColor":"var(--lia-bs-primary)","__typename":"InputThemeSettings"},"loading":{"dotDarkColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.2)","dotLightColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l), 0.5)","barDarkColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.06)","barLightColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l), 0.4)","__typename":"LoadingThemeSettings"},"link":{"color":"var(--lia-bs-primary)","hoverColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) - 10%))","decoration":"none","hoverDecoration":"underline","__typename":"LinkThemeSettings"},"listGroup":{"itemPaddingY":"15px","itemPaddingX":"15px","borderColor":"var(--lia-bs-gray-300)","__typename":"ListGroupThemeSettings"},"modal":{"contentTextColor":"var(--lia-bs-body-color)","contentBg":"var(--lia-bs-white)","backgroundBg":"var(--lia-bs-black)","smSize":"440px","mdSize":"760px","lgSize":"1080px","backdropOpacity":0.3,"contentBoxShadowXs":"var(--lia-bs-box-shadow-sm)","contentBoxShadow":"var(--lia-bs-box-shadow)","headerFontWeight":"700","__typename":"ModalThemeSettings"},"navbar":{"position":"FIXED","background":{"attachment":null,"clip":null,"color":"var(--lia-bs-white)","imageAssetName":null,"imageLastModified":"0","origin":null,"position":"CENTER_CENTER","repeat":"NO_REPEAT","size":"COVER","__typename":"BackgroundProps"},"backgroundOpacity":0.8,"paddingTop":"15px","paddingBottom":"15px","borderBottom":"1px solid var(--lia-bs-border-color)","boxShadow":"var(--lia-bs-box-shadow-sm)","brandMarginRight":"30px","brandMarginRightSm":"10px","brandLogoHeight":"30px","linkGap":"10px","linkJustifyContent":"flex-start","linkPaddingY":"5px","linkPaddingX":"10px","linkDropdownPaddingY":"9px","linkDropdownPaddingX":"var(--lia-nav-link-px)","linkColor":"var(--lia-bs-body-color)","linkHoverColor":"var(--lia-bs-primary)","linkFontSize":"var(--lia-bs-font-size-sm)","linkFontStyle":"NORMAL","linkFontWeight":"400","linkTextTransform":"NONE","linkLetterSpacing":"normal","linkBorderRadius":"var(--lia-bs-border-radius-sm)","linkBgColor":"transparent","linkBgHoverColor":"transparent","linkBorder":"none","linkBorderHover":"none","linkBoxShadow":"none","linkBoxShadowHover":"none","linkTextBorderBottom":"none","linkTextBorderBottomHover":"none","dropdownPaddingTop":"10px","dropdownPaddingBottom":"15px","dropdownPaddingX":"10px","dropdownMenuOffset":"2px","dropdownDividerMarginTop":"10px","dropdownDividerMarginBottom":"10px","dropdownBorderColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","controllerBgHoverColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.1)","controllerIconColor":"var(--lia-bs-body-color)","controllerIconHoverColor":"var(--lia-bs-body-color)","controllerTextColor":"var(--lia-nav-controller-icon-color)","controllerTextHoverColor":"var(--lia-nav-controller-icon-hover-color)","controllerHighlightColor":"hsla(30, 100%, 50%)","controllerHighlightTextColor":"var(--lia-yiq-light)","controllerBorderRadius":"var(--lia-border-radius-50)","hamburgerColor":"var(--lia-nav-controller-icon-color)","hamburgerHoverColor":"var(--lia-nav-controller-icon-color)","hamburgerBgColor":"transparent","hamburgerBgHoverColor":"transparent","hamburgerBorder":"none","hamburgerBorderHover":"none","collapseMenuMarginLeft":"20px","collapseMenuDividerBg":"var(--lia-nav-link-color)","collapseMenuDividerOpacity":0.16,"__typename":"NavbarThemeSettings"},"pager":{"textColor":"var(--lia-bs-link-color)","textFontWeight":"var(--lia-font-weight-md)","textFontSize":"var(--lia-bs-font-size-sm)","__typename":"PagerThemeSettings"},"panel":{"bgColor":"var(--lia-bs-white)","borderRadius":"var(--lia-bs-border-radius)","borderColor":"var(--lia-bs-border-color)","boxShadow":"none","__typename":"PanelThemeSettings"},"popover":{"arrowHeight":"8px","arrowWidth":"16px","maxWidth":"300px","minWidth":"100px","headerBg":"var(--lia-bs-white)","borderColor":"var(--lia-bs-border-color)","borderRadius":"var(--lia-bs-border-radius)","boxShadow":"0 0.5rem 1rem hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.15)","__typename":"PopoverThemeSettings"},"prism":{"color":"#000000","bgColor":"#f5f2f0","fontFamily":"var(--font-family-monospace)","fontSize":"var(--lia-bs-font-size-base)","fontWeightBold":"var(--lia-bs-font-weight-bold)","fontStyleItalic":"italic","tabSize":2,"highlightColor":"#b3d4fc","commentColor":"#62707e","punctuationColor":"#6f6f6f","namespaceOpacity":"0.7","propColor":"#990055","selectorColor":"#517a00","operatorColor":"#906736","operatorBgColor":"hsla(0, 0%, 100%, 0.5)","keywordColor":"#0076a9","functionColor":"#d3284b","variableColor":"#c14700","__typename":"PrismThemeSettings"},"rte":{"bgColor":"var(--lia-bs-white)","borderRadius":"var(--lia-panel-border-radius)","boxShadow":" var(--lia-panel-box-shadow)","customColor1":"#bfedd2","customColor2":"#fbeeb8","customColor3":"#f8cac6","customColor4":"#eccafa","customColor5":"#c2e0f4","customColor6":"#2dc26b","customColor7":"#f1c40f","customColor8":"#e03e2d","customColor9":"#b96ad9","customColor10":"#3598db","customColor11":"#169179","customColor12":"#e67e23","customColor13":"#ba372a","customColor14":"#843fa1","customColor15":"#236fa1","customColor16":"#ecf0f1","customColor17":"#ced4d9","customColor18":"#95a5a6","customColor19":"#7e8c8d","customColor20":"#34495e","customColor21":"#000000","customColor22":"#ffffff","defaultMessageHeaderMarginTop":"14px","defaultMessageHeaderMarginBottom":"10px","defaultMessageItemMarginTop":"0","defaultMessageItemMarginBottom":"10px","diffAddedColor":"hsla(170, 53%, 51%, 0.4)","diffChangedColor":"hsla(43, 97%, 63%, 0.4)","diffNoneColor":"hsla(0, 0%, 80%, 0.4)","diffRemovedColor":"hsla(9, 74%, 47%, 0.4)","specialMessageHeaderMarginTop":"14px","specialMessageHeaderMarginBottom":"10px","specialMessageItemMarginTop":"0","specialMessageItemMarginBottom":"10px","tableBgColor":"transparent","tableBorderColor":"var(--lia-bs-gray-700)","tableBorderStyle":"solid","tableCellPaddingX":"5px","tableCellPaddingY":"5px","tableTextColor":"var(--lia-bs-body-color)","tableVerticalAlign":"middle","__typename":"RteThemeSettings"},"tags":{"bgColor":"var(--lia-bs-gray-200)","bgHoverColor":"var(--lia-bs-gray-400)","borderRadius":"var(--lia-bs-border-radius-sm)","color":"var(--lia-bs-body-color)","hoverColor":"var(--lia-bs-body-color)","fontWeight":"var(--lia-font-weight-md)","fontSize":"var(--lia-font-size-xxs)","textTransform":"UPPERCASE","letterSpacing":"0.5px","__typename":"TagsThemeSettings"},"toasts":{"borderRadius":"var(--lia-bs-border-radius)","paddingX":"12px","__typename":"ToastsThemeSettings"},"typography":{"fontFamilyBase":"Proxima Nova A Medium","fontStyleBase":"NORMAL","fontWeightBase":"500","fontWeightLight":"300","fontWeightNormal":"400","fontWeightMd":"500","fontWeightBold":"700","letterSpacingSm":"normal","letterSpacingXs":"normal","lineHeightBase":"1.2","fontSizeBase":"15px","fontSizeXxs":"11px","fontSizeXs":"12px","fontSizeSm":"13px","fontSizeLg":"20px","fontSizeXl":"24px","smallFontSize":"14px","customFonts":[{"source":"SERVER","name":"Proxima Nova A Medium","styles":[{"style":"NORMAL","weight":"500","__typename":"FontStyleData"}],"assetNames":["ProximaNovaAMedium-normal-500.woff2"],"__typename":"CustomFont"},{"source":"SERVER","name":"Neusa Next Pro Wide Bold","styles":[{"style":"NORMAL","weight":"700","__typename":"FontStyleData"}],"assetNames":["NeusaNextProWideBold-normal-700.woff2"],"__typename":"CustomFont"}],"__typename":"TypographyThemeSettings"},"unstyledListItem":{"marginBottomSm":"5px","marginBottomMd":"10px","marginBottomLg":"15px","marginBottomXl":"20px","marginBottomXxl":"25px","__typename":"UnstyledListItemThemeSettings"},"yiq":{"light":"#ffffff","dark":"#000000","__typename":"YiqThemeSettings"},"colorLightness":{"primaryDark":0.36,"primaryLight":0.74,"primaryLighter":0.89,"primaryLightest":0.95,"infoDark":0.39,"infoLight":0.72,"infoLighter":0.85,"infoLightest":0.93,"successDark":0.24,"successLight":0.62,"successLighter":0.8,"successLightest":0.91,"warningDark":0.39,"warningLight":0.68,"warningLighter":0.84,"warningLightest":0.93,"dangerDark":0.41,"dangerLight":0.72,"dangerLighter":0.89,"dangerLightest":0.95,"__typename":"ColorLightnessThemeSettings"},"localOverride":false,"__typename":"Theme"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Loading/LoadingDot-1749755793086":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Loading/LoadingDot-1749755793086","value":{"title":"Loading..."},"localOverride":false},"CachedAsset:text:en_US-components/common/EmailVerification-1749755793086":{"__typename":"CachedAsset","id":"text:en_US-components/common/EmailVerification-1749755793086","value":{"email.verification.title":"Email Verification Required","email.verification.message.update.email":"To participate in the community, you must first verify your email address. The verification email was sent to {email}. To change your email, visit My Settings.","email.verification.message.resend.email":"To participate in the community, you must first verify your email address. The verification email was sent to {email}. Resend email."},"localOverride":false},"CachedAsset:text:en_US-pages/tags/TagPage-1749755793086":{"__typename":"CachedAsset","id":"text:en_US-pages/tags/TagPage-1749755793086","value":{"tagPageTitle":"Tag:\"{tagName}\" | {communityTitle}","tagPageForNodeTitle":"Tag:\"{tagName}\" in \"{title}\" | {communityTitle}","name":"Tags Page","tag":"Tag: {tagName}"},"localOverride":false},"CachedAsset:quilt:f5.prod:pages/tags/TagPage:community:zihoc95639-1749755792086":{"__typename":"CachedAsset","id":"quilt:f5.prod:pages/tags/TagPage:community:zihoc95639-1749755792086","value":{"id":"TagPage","container":{"id":"Common","headerProps":{"removeComponents":["community.widget.bannerWidget"],"__typename":"QuiltContainerSectionProps"},"items":[{"id":"tag-header-widget","layout":"ONE_COLUMN","bgColor":"var(--lia-bs-white)","showBorder":"BOTTOM","sectionEditLevel":"LOCKED","columnMap":{"main":[{"id":"tags.widget.TagsHeaderWidget","__typename":"QuiltComponent"}],"__typename":"OneSectionColumns"},"__typename":"OneColumnQuiltSection"},{"id":"messages-list-for-tag-widget","layout":"ONE_COLUMN","columnMap":{"main":[{"id":"messages.widget.messageListForNodeByRecentActivityWidget","props":{"viewVariant":{"type":"inline","props":{"useUnreadCount":true,"useViewCount":true,"useAuthorLogin":true,"clampBodyLines":3,"useAvatar":true,"useBoardIcon":false,"useKudosCount":true,"usePreviewMedia":true,"useTags":false,"useNode":true,"useNodeLink":true,"useTextBody":true,"truncateBodyLength":-1,"useBody":true,"useRepliesCount":true,"useSolvedBadge":true,"timeStampType":"conversation.lastPostingActivityTime","useMessageTimeLink":true,"clampSubjectLines":2}},"panelType":"divider","useTitle":false,"hideIfEmpty":false,"pagerVariant":{"type":"loadMore"},"style":"list","showTabs":true,"tabItemMap":{"default":{"mostRecent":true,"mostRecentUserContent":false,"newest":false},"additional":{"mostKudoed":true,"mostViewed":true,"mostReplies":false,"noReplies":false,"noSolutions":false,"solutions":false}}},"__typename":"QuiltComponent"}],"__typename":"OneSectionColumns"},"__typename":"OneColumnQuiltSection"}],"__typename":"QuiltContainer"},"__typename":"Quilt"},"localOverride":false},"CachedAsset:text:en_US-components/common/ActionFeedback-1749755793086":{"__typename":"CachedAsset","id":"text:en_US-components/common/ActionFeedback-1749755793086","value":{"joinedGroupHub.title":"Welcome","joinedGroupHub.message":"You are now a member of this group and are subscribed to updates.","groupHubInviteNotFound.title":"Invitation Not Found","groupHubInviteNotFound.message":"Sorry, we could not find your invitation to the group. The owner may have canceled the invite.","groupHubNotFound.title":"Group Not Found","groupHubNotFound.message":"The grouphub you tried to join does not exist. It may have been deleted.","existingGroupHubMember.title":"Already Joined","existingGroupHubMember.message":"You are already a member of this group.","accountLocked.title":"Account Locked","accountLocked.message":"Your account has been locked due to multiple failed attempts. Try again in {lockoutTime} minutes.","editedGroupHub.title":"Changes Saved","editedGroupHub.message":"Your group has been updated.","leftGroupHub.title":"Goodbye","leftGroupHub.message":"You are no longer a member of this group and will not receive future updates.","deletedGroupHub.title":"Deleted","deletedGroupHub.message":"The group has been deleted.","groupHubCreated.title":"Group Created","groupHubCreated.message":"{groupHubName} is ready to use","accountClosed.title":"Account Closed","accountClosed.message":"The account has been closed and you will now be redirected to the homepage","resetTokenExpired.title":"Reset Password Link has Expired","resetTokenExpired.message":"Try resetting your password again","invalidUrl.title":"Invalid URL","invalidUrl.message":"The URL you're using is not recognized. Verify your URL and try again.","accountClosedForUser.title":"Account Closed","accountClosedForUser.message":"{userName}'s account is closed","inviteTokenInvalid.title":"Invitation Invalid","inviteTokenInvalid.message":"Your invitation to the community has been canceled or expired.","inviteTokenError.title":"Invitation Verification Failed","inviteTokenError.message":"The url you are utilizing is not recognized. Verify your URL and try again","pageNotFound.title":"Access Denied","pageNotFound.message":"You do not have access to this area of the community or it doesn't exist","eventAttending.title":"Responded as Attending","eventAttending.message":"You'll be notified when there's new activity and reminded as the event approaches","eventInterested.title":"Responded as Interested","eventInterested.message":"You'll be notified when there's new activity and reminded as the event approaches","eventNotFound.title":"Event Not Found","eventNotFound.message":"The event you tried to respond to does not exist.","redirectToRelatedPage.title":"Showing Related Content","redirectToRelatedPageForBaseUsers.title":"Showing Related Content","redirectToRelatedPageForBaseUsers.message":"The content you are trying to access is archived","redirectToRelatedPage.message":"The content you are trying to access is archived","relatedUrl.archivalLink.flyoutMessage":"The content you are trying to access is archived View Archived Content"},"localOverride":false},"CachedAsset:quiltWrapper:f5.prod:Common:1749755792550":{"__typename":"CachedAsset","id":"quiltWrapper:f5.prod:Common:1749755792550","value":{"id":"Common","header":{"backgroundImageProps":{"assetName":null,"backgroundSize":"COVER","backgroundRepeat":"NO_REPEAT","backgroundPosition":"CENTER_CENTER","lastModified":null,"__typename":"BackgroundImageProps"},"backgroundColor":"#66AFD7","items":[{"id":"custom.widget.GainsightShared","props":{"widgetVisibility":"signedInOnly","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"custom.widget.Beta_MetaNav","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"community.widget.navbarWidget","props":{"showUserName":false,"showRegisterLink":true,"useIconLanguagePicker":true,"useLabelLanguagePicker":true,"style":{"boxShadow":"var(--lia-bs-box-shadow-sm)","linkFontWeight":"700","controllerHighlightColor":"#F29A36","dropdownDividerMarginBottom":"10px","hamburgerBorderHover":"none","linkFontSize":"15px","linkBoxShadowHover":"none","backgroundOpacity":1,"controllerBorderRadius":"var(--lia-border-radius-50)","hamburgerBgColor":"transparent","linkTextBorderBottom":"none","hamburgerColor":"var(--lia-nav-controller-icon-color)","brandLogoHeight":"48px","linkLetterSpacing":"normal","linkBgHoverColor":"transparent","collapseMenuDividerOpacity":0.16,"paddingBottom":"10px","dropdownPaddingBottom":"15px","dropdownMenuOffset":"2px","hamburgerBgHoverColor":"transparent","borderBottom":"unset","hamburgerBorder":"none","dropdownPaddingX":"10px","brandMarginRightSm":"10px","linkBoxShadow":"none","linkJustifyContent":"center","linkColor":"#343434","collapseMenuDividerBg":"var(--lia-nav-link-color)","dropdownPaddingTop":"10px","controllerHighlightTextColor":"var(--lia-yiq-dark)","controllerTextColor":"var(--lia-nav-controller-icon-color)","background":{"imageAssetName":"","color":"#B2D7EB","size":"COVER","repeat":"NO_REPEAT","position":"CENTER_CENTER","imageLastModified":""},"linkBorderRadius":"var(--lia-bs-border-radius-sm)","linkHoverColor":"#343434","position":"FIXED","linkBorder":"none","linkTextBorderBottomHover":"2px solid #343434","brandMarginRight":"30px","hamburgerHoverColor":"var(--lia-nav-controller-icon-color)","linkBorderHover":"none","collapseMenuMarginLeft":"20px","linkFontStyle":"NORMAL","linkPaddingX":"10px","controllerTextHoverColor":"var(--lia-nav-controller-icon-hover-color)","paddingTop":"10px","linkPaddingY":"5px","linkTextTransform":"NONE","dropdownBorderColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","controllerBgHoverColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.1)","linkDropdownPaddingX":"var(--lia-nav-link-px)","linkBgColor":"transparent","linkDropdownPaddingY":"9px","controllerIconColor":"#343434","dropdownDividerMarginTop":"10px","linkGap":"10px","controllerIconHoverColor":"#343434"},"links":{"sideLinks":[],"logoLinks":[],"mainLinks":[{"children":[{"linkType":"INTERNAL","id":"migrated-link-1","params":{"boardId":"TechnicalForum","categoryId":"Forums"},"routeName":"ForumBoardPage"},{"linkType":"INTERNAL","id":"migrated-link-2","params":{"boardId":"WaterCooler","categoryId":"Forums"},"routeName":"ForumBoardPage"}],"linkType":"INTERNAL","id":"migrated-link-0","params":{"categoryId":"Forums"},"routeName":"CategoryPage"},{"children":[{"linkType":"INTERNAL","id":"migrated-link-4","params":{"boardId":"codeshare","categoryId":"CrowdSRC"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"migrated-link-5","params":{"boardId":"communityarticles","categoryId":"CrowdSRC"},"routeName":"TkbBoardPage"}],"linkType":"INTERNAL","id":"migrated-link-3","params":{"categoryId":"CrowdSRC"},"routeName":"CategoryPage"},{"children":[{"linkType":"INTERNAL","id":"migrated-link-7","params":{"boardId":"TechnicalArticles","categoryId":"Articles"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"article-series","params":{"boardId":"article-series","categoryId":"Articles"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"security-insights","params":{"boardId":"security-insights","categoryId":"Articles"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"migrated-link-8","params":{"boardId":"DevCentralNews","categoryId":"Articles"},"routeName":"TkbBoardPage"}],"linkType":"INTERNAL","id":"migrated-link-6","params":{"categoryId":"Articles"},"routeName":"CategoryPage"},{"children":[{"linkType":"INTERNAL","id":"migrated-link-10","params":{"categoryId":"CommunityGroups"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"migrated-link-11","params":{"categoryId":"F5-Groups"},"routeName":"CategoryPage"}],"linkType":"INTERNAL","id":"migrated-link-9","params":{"categoryId":"GroupsCategory"},"routeName":"CategoryPage"},{"children":[],"linkType":"INTERNAL","id":"migrated-link-12","params":{"boardId":"Events","categoryId":"top"},"routeName":"EventBoardPage"},{"children":[],"linkType":"INTERNAL","id":"migrated-link-13","params":{"boardId":"Suggestions","categoryId":"top"},"routeName":"IdeaBoardPage"},{"children":[],"linkType":"EXTERNAL","id":"Common-external-link","url":"https://community.f5.com/c/how-do-i","target":"SELF"}]},"className":"QuiltComponent_lia-component-edit-mode__lQ9Z6","showSearchIcon":false,"languagePickerStyle":"iconAndLabel"},"__typename":"QuiltComponent"},{"id":"community.widget.bannerWidget","props":{"backgroundColor":"transparent","visualEffects":{"showBottomBorder":false},"backgroundImageProps":{"backgroundSize":"COVER","backgroundPosition":"CENTER_CENTER","backgroundRepeat":"NO_REPEAT"},"fontColor":"#222222"},"__typename":"QuiltComponent"},{"id":"community.widget.breadcrumbWidget","props":{"backgroundColor":"#007ABC","linkHighlightColor":"#FFFFFF","visualEffects":{"showBottomBorder":false},"backgroundOpacity":100,"linkTextColor":"#FFFFFF"},"__typename":"QuiltComponent"}],"__typename":"QuiltWrapperSection"},"footer":{"backgroundImageProps":{"assetName":null,"backgroundSize":"COVER","backgroundRepeat":"NO_REPEAT","backgroundPosition":"CENTER_CENTER","lastModified":null,"__typename":"BackgroundImageProps"},"backgroundColor":"var(--lia-bs-body-color)","items":[{"id":"custom.widget.Beta_Footer","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"custom.widget.Tag_Manager_Helper","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"custom.widget.Consent_Blackbar","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"}],"__typename":"QuiltWrapperSection"},"__typename":"QuiltWrapper","localOverride":false},"localOverride":false},"CachedAsset:component:custom.widget.GainsightShared-en-us-1749755820682":{"__typename":"CachedAsset","id":"component:custom.widget.GainsightShared-en-us-1749755820682","value":{"component":{"id":"custom.widget.GainsightShared","template":{"id":"GainsightShared","markupLanguage":"HTML","style":null,"texts":{},"defaults":{"config":{"applicablePages":[],"description":"Shared functions for Gainsight integration","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.GainsightShared","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"TEXTHTML","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"Shared functions for Gainsight integration","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:component:custom.widget.Beta_MetaNav-en-us-1749755820682":{"__typename":"CachedAsset","id":"component:custom.widget.Beta_MetaNav-en-us-1749755820682","value":{"component":{"id":"custom.widget.Beta_MetaNav","template":{"id":"Beta_MetaNav","markupLanguage":"HANDLEBARS","style":null,"texts":{},"defaults":{"config":{"applicablePages":[],"description":"MetaNav menu at the top of every page.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Beta_MetaNav","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"MetaNav menu at the top of every page.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:component:custom.widget.Beta_Footer-en-us-1749755820682":{"__typename":"CachedAsset","id":"component:custom.widget.Beta_Footer-en-us-1749755820682","value":{"component":{"id":"custom.widget.Beta_Footer","template":{"id":"Beta_Footer","markupLanguage":"HANDLEBARS","style":null,"texts":{},"defaults":{"config":{"applicablePages":[],"description":"DevCentral´s custom footer.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Beta_Footer","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"DevCentral´s custom footer.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:component:custom.widget.Tag_Manager_Helper-en-us-1749755820682":{"__typename":"CachedAsset","id":"component:custom.widget.Tag_Manager_Helper-en-us-1749755820682","value":{"component":{"id":"custom.widget.Tag_Manager_Helper","template":{"id":"Tag_Manager_Helper","markupLanguage":"HANDLEBARS","style":null,"texts":{},"defaults":{"config":{"applicablePages":[],"description":"Helper widget to inject Tag Manager scripts into head element","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Tag_Manager_Helper","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"Helper widget to inject Tag Manager scripts into head element","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:component:custom.widget.Consent_Blackbar-en-us-1749755820682":{"__typename":"CachedAsset","id":"component:custom.widget.Consent_Blackbar-en-us-1749755820682","value":{"component":{"id":"custom.widget.Consent_Blackbar","template":{"id":"Consent_Blackbar","markupLanguage":"HTML","style":null,"texts":{},"defaults":{"config":{"applicablePages":[],"description":"","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Consent_Blackbar","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"TEXTHTML","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:text:en_US-components/community/Breadcrumb-1749755793086":{"__typename":"CachedAsset","id":"text:en_US-components/community/Breadcrumb-1749755793086","value":{"navLabel":"Breadcrumbs","dropdown":"Additional parent page navigation"},"localOverride":false},"CachedAsset:text:en_US-components/tags/TagsHeaderWidget-1749755793086":{"__typename":"CachedAsset","id":"text:en_US-components/tags/TagsHeaderWidget-1749755793086","value":{"tag":"{tagName}","topicsCount":"{count} {count, plural, one {Topic} other {Topics}}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageListForNodeByRecentActivityWidget-1749755793086":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageListForNodeByRecentActivityWidget-1749755793086","value":{"title@userScope:other":"Recent Content","title@userScope:self":"Contributions","title@board:FORUM@userScope:other":"Recent Discussions","title@board:BLOG@userScope:other":"Recent Blogs","emptyDescription":"No content to show","MessageListForNodeByRecentActivityWidgetEditor.nodeScope.label":"Scope","title@instance:1706288370055":"Content Feed","title@instance:1743095186784":"Most Recent Updates","title@instance:1704317906837":"Content Feed","title@instance:1743095018194":"Most Recent Updates","title@instance:1702668293472":"Community Feed","title@instance:1743095117047":"Most Recent Updates","title@instance:1704319314827":"Blog Feed","title@instance:1743095235555":"Most Recent Updates","title@instance:1704320290851":"My Contributions","title@instance:1703720491809":"Forum Feed","title@instance:1743095311723":"Most Recent Updates","title@instance:1703028709746":"Group Content Feed","title@instance:VTsglH":"Content Feed"},"localOverride":false},"Category:category:Forums":{"__typename":"Category","id":"category:Forums","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Forum:board:TechnicalForum":{"__typename":"Forum","id":"board:TechnicalForum","forumPolicies":{"__typename":"ForumPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Forum:board:WaterCooler":{"__typename":"Forum","id":"board:WaterCooler","forumPolicies":{"__typename":"ForumPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Articles":{"__typename":"Category","id":"category:Articles","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"displayId":"Articles"},"Tkb:board:TechnicalArticles":{"__typename":"Tkb","id":"board:TechnicalArticles","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:DevCentralNews":{"__typename":"Tkb","id":"board:DevCentralNews","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:GroupsCategory":{"__typename":"Category","id":"category:GroupsCategory","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:F5-Groups":{"__typename":"Category","id":"category:F5-Groups","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:CommunityGroups":{"__typename":"Category","id":"category:CommunityGroups","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Occasion:board:Events":{"__typename":"Occasion","id":"board:Events","boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"occasionPolicies":{"__typename":"OccasionPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Idea:board:Suggestions":{"__typename":"Idea","id":"board:Suggestions","boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"ideaPolicies":{"__typename":"IdeaPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:CrowdSRC":{"__typename":"Category","id":"category:CrowdSRC","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:codeshare":{"__typename":"Tkb","id":"board:codeshare","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:communityarticles":{"__typename":"Tkb","id":"board:communityarticles","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:security-insights":{"__typename":"Tkb","id":"board:security-insights","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"displayId":"security-insights","nodeType":"board","conversationStyle":"TKB","title":"Security Insights","shortTitle":"Security Insights","parent":{"__ref":"Category:category:Articles"}},"Tkb:board:article-series":{"__typename":"Tkb","id":"board:article-series","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Conversation:conversation:341899":{"__typename":"Conversation","id":"conversation:341899","topic":{"__typename":"TkbTopicMessage","uid":341899},"lastPostingActivityTime":"2025-06-11T11:52:23.063-07:00","solved":false},"User:user:172154":{"__typename":"User","uid":172154,"login":"Lior_Rotkovitch","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS0xNzIxNTQtMjAxMzJpNEEwNDMzMEE3QzhGNzhDRA"},"id":"user:172154"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDE4OTktb0l1a2xu?revision=7\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDE4OTktb0l1a2xu?revision=7","title":"f5 sirt lior-rotkovitch.png","associationType":"TEASER","width":300,"height":169,"altText":""},"TkbTopicMessage:message:341899":{"__typename":"TkbTopicMessage","subject":"OWASP 2025 conference, KEV and RCE.","conversation":{"__ref":"Conversation:conversation:341899"},"id":"message:341899","entityType":"TKB_ARTICLE","eventPath":"category:Articles/community:zihoc95639board:security-insights/message:341899","revisionNum":7,"uid":341899,"depth":0,"board":{"__ref":"Tkb:board:security-insights"},"author":{"__ref":"User:user:172154"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" Attending the OWASP 2025 this time something was different, the software has reached a tipping point ! AI is here and once you understand and internalize how AI technology can be used ,you realize that things are going to be very different. \n \n ","introduction":"","metrics":{"__typename":"MessageMetrics","views":91},"postTime":"2025-06-11T11:52:23.063-07:00","lastPublishTime":"2025-06-11T11:52:23.063-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Attending the OWASP 2025 conference last week offered a valuable glimpse into the local application security landscape, providing a clear picture of current trends and market direction. Over the years, we've seen many technologies and methodologies emerge. These include cloud-native architectures to APIs, agile development, and shift-left security — each reshaping how we build and protect software. But this time, something felt fundamentally different. The software has reached a tipping point! AI is here. \n Meanwhile, in the real world, active exploitations are causing tangible damage to businesses and users, with patches being deployed globally to address vulnerabilities. Yet another RCE vulnerability has surfaced in the wild—what a start to the first week of June. \n Will AI save us? \n Until next time, keep it safe! \n Lior \n \n United Natural Foods Hit by Cyberattack \n Grocery wholesale giant United Natural Foods (UNFI) revealed a cyberattack that disrupted operations and forced the invocation of business continuity plans. The firm engaged law enforcement and external cybersecurity experts to investigate. They implemented workarounds to maintain services while bringing systems back online. An investigation is ongoing to determine the extent of the breach and theft of customer or supplier data. bleepingcomputer.com \n \n Old AT&T Data Leak Repackaged \n Data from a 2021 AT&T breach—previously split into separate datasets—has resurfaced in a combined file linking 49 million phone numbers to SSNs and DOBs. The threat actor republished this merged data on June 5, raising alarm over the re‑exposure of sensitive personal information. Security experts stress that even old breaches can resurface with renewed risk. AT&T has not yet issued a public notice regarding the repackaged leak. bleepingcomputer.com \n \n Critical Fortinet Flaws Exploited by Qilin Ransomware \n A coordinated Qilin ransomware campaign, dubbed “Phantom Mantis,” has exploited multiple FortiGate vulnerabilities (e.g., CVE‑2024‑21762, CVE‑2024‑55591) since late May. PRODAFT intelligence confirms that these critical weaknesses paved the way for initial access and ransomware deployment across sectors. Affected organizations are urged to apply Fortinet patches immediately to stop the active intrusions. bleepingcomputer.com \n \n CISA Adds Five KEV Vulnerabilities \n On June 2, CISA updated its Known Exploited Vulnerabilities (KEV) catalog with five new CVEs under active attack. This includes two ASUS router flaws, two affecting Craft CMS, and one in ConnectWise ScreenConnect. Federal agencies and critical infrastructure operators must remediate these within 21 days under BOD 22‑01 guidelines. The addition underscores the increasing exploitation of widely deployed systems. cisa.gov \n \n PathWiper Malware Disrupts Ukraine’s Critical Infrastructure \n Russia-linked actors deployed “PathWiper,” a destructive malware aimed at Ukrainian critical systems in early June. The attack overwrote data on target infrastructure, causing permanent damage. SecurityWeek reports the campaign reflects escalating cyber tactics used in geopolitical conflicts. The public revelation raises alarm over targeted ransomware-like actions beyond extortion. securityweek.com \n \n Cisco ISE/CCP Flaws with Public Exploits \n On June 4, Cisco released patches for three vulnerabilities in its Identity Services Engine (ISE) and Customer Collaboration Platform (CCP) that already have public exploit code. These flaws could allow attackers to escalate privileges or disrupt services. Cisco recommends emergency patching and disabling affected modules until updates are deployed. bleepingcomputer.com \n \n New Supply‑Chain Malware Hits npm and PyPI \n On June 6, “Aikido” malware tainted multiple open-source packages on npm and PyPI repositories. Attackers injected malicious code, enabling cryptomining, data theft, and service disruption. Users are advised to audit dependencies and remove compromised packages to prevent infection spread. The incident highlights persistent risks in open‑source supply chains. thehackernews.com ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"4219","kudosSumWeight":2,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDE4OTktb0l1a2xu?revision=7\"}"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:341727":{"__typename":"Conversation","id":"conversation:341727","topic":{"__typename":"TkbTopicMessage","uid":341727},"lastPostingActivityTime":"2025-06-04T08:30:04.547-07:00","solved":false},"User:user:217342":{"__typename":"User","uid":217342,"login":"Christopher_Pa1","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS0yMTczNDItSUNpMG9j?image-coordinates=0%2C0%2C160%2C160"},"id":"user:217342"},"TkbTopicMessage:message:341727":{"__typename":"TkbTopicMessage","subject":"Google Calendar Exploits, Fake AI Packages, Malware Arrests, and a Newly Proposed Exploit Metric","conversation":{"__ref":"Conversation:conversation:341727"},"id":"message:341727","entityType":"TKB_ARTICLE","eventPath":"category:Articles/community:zihoc95639board:security-insights/message:341727","revisionNum":2,"uid":341727,"depth":0,"board":{"__ref":"Tkb:board:security-insights"},"author":{"__ref":"User:user:217342"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":"","introduction":"","metrics":{"__typename":"MessageMetrics","views":151},"postTime":"2025-06-04T08:30:04.547-07:00","lastPublishTime":"2025-06-04T08:30:04.547-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Notable security news for the week of May 25 –June 1. Your editor this week is Chris from the F5 Security Incident Response Team. This week I will highlight Google Calendar exploits by an Advanced Persistent Threat (APT), malware installers disguised as popular AI tools, the arrest of 21 people in Pakistan operating a malware service, and a new exploit equation aimed at aiding KEV and EPSS. \n \n Google Calendar Exploits \n The Chinese state-sponsored threat actor APT41 has been using a malware called TOUGHPROGRESS to leverage Google Calendar for command-and-control (C2) operations. Google discovered this activity in late October of 2024. The malware was hosted on a compromised government website targeting multiple other government entities. \n The malware consists of three distinct components: \n \n PLUSDROP: A DLL used to decrypt and execute the next-stage payload in memory. \n PLUSINJECT: Performs process hollowing on a legitimate \"svchost.exe\" process to inject the final payload. \n TOUGHPROGRESS: The primary malware that uses Google Calendar for C2. \n \n The malware reads and writes events with an attacker-controlled Google Calendar, storing harvested data in event descriptions and executing encrypted commands. Google has taken down the malicious Google Calendar and terminated the associated Workspace projects, neutralizing the campaign. \n https://thehackernews.com/2025/05/chinese-apt41-exploits-google-calendar.html \n \n Fake AI Tool Packages \n Since mid-October 2024, cybercriminals have been using fake installers for popular AI tools like OpenAI ChatGPT and InVideo AI to spread different types of malware. These include CyberLock ransomware, Lucky_Gh0$t ransomware, and a new malware called Numero. Developed using PowerShell, CyberLock encrypts specific files on the victim's system and demands a $50,000 ransom in Monero, claiming the funds will support humanitarian causes. A variant of the Yashma ransomware, Lucky_Gh0$t targets files smaller than 1.2GB for encryption and deletes backups, demanding ransom payments via the Session messaging app. This destructive malware manipulates the graphical user interface components of Windows, rendering the machines unusable. It continuously runs on the victim's machine through an infinite loop. The fake AI tool websites use SEO poisoning techniques to boost their rankings and lure victims into downloading malware-loaded installers. The campaign targets individuals and organizations in the B2B sales and marketing sectors, using the popularity of AI tools to spread malware. \n There are multiple ways you can reduce the risk of malware threats: \n \n Use Security Software: Install reputable antivirus and anti-malware software. Ensure it is regularly updated to protect against the latest threats. \n Be Cautious with Emails: Avoid clicking on links or opening attachments from unknown or suspicious emails. Phishing emails are a common way to spread malware. \n Download from Trusted Sources: Only download software from official websites or reputable sources. Avoid third-party platforms that might disguise malware as legitimate software. \n Keep Software Updated: Regularly update your operating system and all installed software to patch vulnerabilities that could be exploited by malware. \n Use Strong Passwords: Implement strong, unique passwords for all your accounts and consider using a password manager to keep them secure. \n Enable Two-Factor Authentication: Add an extra layer of security to your accounts by enabling two-factor authentication wherever possible. \n \n These are all good practices to use at any time. It is always a good idea to stay diligent when it comes to security. \n https://thehackernews.com/2025/05/cybercriminals-target-ai-users-with.html \n \n Heartsender Malware Service Arrests \n Pakistani authorities have arrested 21 individuals accused of operating \"Heartsender,\" a spam and malware dissemination service active for over a decade. The alleged ringleader, Rameez Shahzad, and other core developers were publicly identified in 2021 after making several operational security mistakes, such as inadvertently infecting their own computers with malware, which exposed their identities and operations. Heartsender's tools were linked to over $50 million in losses in the U.S., with European authorities investigating 63 additional cases. Heartsender provided spam and malware dissemination tools, primarily targeting users of various Internet services like Microsoft 365, Yahoo, AOL, Intuit, iCloud, and ID.me. The main clients were organized crime groups that used these tools for business email compromise (BEC) schemes. These schemes tricked companies into making payments to third parties by impersonating legitimate business contacts. The service was marketed under multiple brands, including Heartsender, Fudpage, and Fudtools. \"Fud\" stands for \"Fully Un-Detectable,\" indicating that the tools were designed to evade detection by security software. The FBI and Dutch Police seized the technical infrastructure for Heartsender in January 2025. \n https://krebsonsecurity.com/2025/05/pakistan-arrests-21-in-heartsender-malware-service/ \n \n Likely Exploited Vulnerabilities (LEV) \n Researchers from CISA and NIST have proposed a new cybersecurity metric called Likely Exploited Vulnerabilities (LEV). This metric will help us figure out how likely a vulnerability has been used in the wild. LEV aims to enhance existing tools like Known Exploited Vulnerabilities (KEV) lists and the Exploit Prediction Scoring System (EPSS) by providing more accurate prioritization for vulnerability remediation. \n KEV (Known Exploited Vulnerabilities) Lists: \n \n Purpose: Catalog vulnerabilities that have been confirmed to be exploited in the wild. \n Usage: Helps organizations prioritize patching and remediation efforts by focusing on vulnerabilities that attackers are actively using. \n \n EPSS (Exploit Prediction Scoring System): \n \n Purpose: Provides a 30-day probability that a vulnerability will be exploited. \n Usage: Assists in predicting which vulnerabilities are likely to be targeted, helping organizations prioritize their security efforts. \n \n Both tools are essential for effective vulnerability management, with KEV lists focusing on known exploits and EPSS providing predictive insights. \n LEV uses equations that consider variables such as the first date an EPSS score is available, the date of the most recent KEV list update, inclusion in KEV, and the EPSS score measured across multiple days. LEV probabilities can help measure the expected number and proportion of vulnerabilities exploited by threat actors and estimate the comprehensiveness of KEV lists. NIST is seeking industry partners with relevant datasets to empirically measure the performance of LEV probabilities. \n In vulnerability management, LEV can be used for enhancement in several ways: \n \n Prioritization: LEV helps organizations prioritize vulnerabilities that are most likely to be exploited, ensuring that critical patches are applied first. \n LEV is more accurate because it uses data from KEV lists and EPSS scores. This means it can find vulnerabilities that are not being exploited as often. \n Resource Allocation: LEV enables better allocation of resources by focusing efforts on vulnerabilities with the highest exploitation probability, optimizing security operations. \n Risk Management: LEV probabilities help measure the expected number and proportion of vulnerabilities exploited by threat actors, aiding in comprehensive risk management. \n Collaboration: LEV encourages collaboration between industry partners and researchers to empirically measure and improve vulnerability management practices. \n \n The hope is that by integrating LEV into existing tools and processes, organizations can improve their ability to identify, prioritize, and mitigate vulnerabilities effectively. \n https://www.securityweek.com/vulnerability-exploitation-probability-metric-proposed-by-nist-cisa-researchers/ ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"8484","kudosSumWeight":4,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:341538":{"__typename":"Conversation","id":"conversation:341538","topic":{"__typename":"TkbTopicMessage","uid":341538},"lastPostingActivityTime":"2025-05-28T05:00:00.029-07:00","solved":false},"User:user:73921":{"__typename":"User","uid":73921,"login":"Dharminder","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS03MzkyMS14cFZvSDI?image-coordinates=35%2C195%2C924%2C1084"},"id":"user:73921"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDE1MzgtbDl3eXlY?revision=3\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDE1MzgtbDl3eXlY?revision=3","title":"SIRT_DevCentral (1).jpg","associationType":"TEASER","width":680,"height":383,"altText":""},"TkbTopicMessage:message:341538":{"__typename":"TkbTopicMessage","subject":"Massive DDoS, DanaBot Dismantled, Scraped Discord Messages and Signal Blocks Windows Recall","conversation":{"__ref":"Conversation:conversation:341538"},"id":"message:341538","entityType":"TKB_ARTICLE","eventPath":"category:Articles/community:zihoc95639board:security-insights/message:341538","revisionNum":3,"uid":341538,"depth":0,"board":{"__ref":"Tkb:board:security-insights"},"author":{"__ref":"User:user:73921"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" \n Notable security news for the week of May 18th-24th May 2025, brought to you by the F5 Security Incident Response Team. This week, your editor is Dharminder. In this edition, I have security news about ‘Signal messenger, which has blocked Windows Recall to protect its user privacy. Massive 6.3Tbps of DDoS attack on KrebsOnsecurity, CrowdStrike and DOJ collaborated to Dismantle DanaBot Malware Network and user messages from Discord’s app are dumped online by the researchers ","introduction":"","metrics":{"__typename":"MessageMetrics","views":225},"postTime":"2025-05-28T05:00:00.029-07:00","lastPublishTime":"2025-05-28T05:00:00.029-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Notable security news for the week of May 18–24, 2025, is brought to you by the F5 Security Incident Response Team. This week, your editor is Dharminder. In this edition, I have security news about ‘Signal messenger, which has blocked Windows Recall to protect its user privacy; massive 6.3Tbps of DDoS attacks on KrebsOnsecurity; CrowdStrike, and DOJ collaborated to dismantle DanaBot Malware Network and user messages from Discord’s app were dumped online by the researchers. \n We at F5 SIRT invest a lot of time to understand the frequently changing behavior of bad actors. Bad actors are a threat to your business, your reputation, your livelihood. That’s why we take the security of your business seriously. When you’re under attack, we’ll work quickly to effectively mitigate attacks and vulnerabilities, and get you back up and running. So next time you are under security emergency, please contact F5 SIRT. \n Ok, let’s get started and see the details of the security news. \n \n Signal Blocks Windows Recall to Protect User Privacy \n Signal Messenger has added a new rule that stops Windows from taking screenshots of its Desktop app. This is because Microsoft’s Recall AI tool in Windows 11 is a privacy risk. Recall, which captures and indexes user activity every three seconds, raises significant privacy concerns by storing data—including conversations, emails, and sensitive details—in plaintext or encrypted databases vulnerable to decryption. Although Microsoft recently overhauled Recall, making it opt-in and encrypting data, privacy risks persist due to inadequate developer tools, minimal user controls, and potential exposure to sophisticated malware. Signal criticized Microsoft’s lack of options for blocking Recall and creatively repurposed a DRM API—designed to protect copyrighted material—to safeguard user messages from being indexed. While Signal’s measure adds an extra layer of protection, it has limitations, applying only if all users maintain default settings. Signal expressed frustration at the need to balance privacy with accessibility, and urged developers of AI tools like Recall to consider ethical implications and provide proper resources. \n \n https://signal.org/blog/signal-doesnt-recall/ \n https://arstechnica.com/security/2025/05/signal-resorts-to-weird-trick-to-block-windows-recall-in-desktop-app/?utm_source=tldrinfosec \n \n \n KrebsOnSecurity Endures Massive 6.3 Tbps DDoS Attack \n In May 2025, KrebsOnSecurity suffered a massive 6.3 Tbps distributed denial-of-service (DDoS) attack, among the largest recorded. The Aisuru botnet planned this short but fierce attack. It is a network of compromised Internet of Things (IoT) devices like routers and digital video recorders. It used default passwords and software weaknesses to attack these devices. Google’s Project Shield, mitigated the attack, delivering approximately 585 million data packets per second, marking the largest attack the service has handled to date. Aisuru, also known as “Airashi,” had previously surfaced in August 2024, targeting a gaming platform, and reemerged in November with enhanced capabilities, including a zero-day vulnerability in Cambium Networks cnPilot routers. The botnet’s operators, using the alias “Forky” and Telegram handle “@yfork,” have been offering DDoS-for-hire services via public Telegram channels, with subscription tiers ranging from $150 per day to $600 per week. Even though the FBI took over domains like Stresser, Forky kept promoting and running these services. The scale and sophistication of the Aisuru botnet underscore the evolving threat landscape posed by IoT-based DDoS attacks. \n \n https://krebsonsecurity.com/2025/05/krebsonsecurity-hit-with-near-record-6-3-tbps-ddos/?utm_source=tldrinfosec \n https://hackread.com/krebsonsecurity-6-3-tbps-ddos-attack-aisuru-botnet/ \n \n \n CrowdStrike and DOJ Dismantle DanaBot Malware Network \n CrowdStrike, in collaboration with the U.S. Department of Justice (DOJ) and the Defense Criminal Investigative Service (DCIS), has successfully disrupted the DanaBot malware operation, a significant cyber threat tracked as SCULLY SPIDER. DanaBot, active since 2018, functioned as a malware-as-a-service platform, facilitating activities such as credit card theft, wire fraud, and cryptocurrency exfiltration. Its modular design allowed for adaptability, including capabilities like keystroke logging and hidden virtual network computing (HVNC). DanaBot was used in supply chain attacks, notably through hacked NPM packages like ua-parser-js and coa. These attacks affected industries like transportation, media, technology, and financial services. The malware’s operations extended beyond financial crimes. It aligned with Russian state interests by targeting military, diplomatic, and government entities, particularly during Russia’s invasion of Ukraine. The DCIS’s seizure of DanaBot’s U.S.-based command-and-control servers has effectively neutralized the threat, severing the operators’ control over infected systems. This takedown underscores the blurred lines between cybercrime and state-sponsored cyber operations. It highlights the importance of public-private partnerships in countering complex cyber threats \n \n https://www.crowdstrike.com/en-us/blog/crowdstrike-partners-with-doj-disrupt-danabot-malware-operators/ \n https://thehackernews.com/2025/05/us-dismantles-danabot-malware-network.html \n \n \n Researchers Release 2 Billion Scraped Discord Messages \n A team at Brazil’s Federal University of Minas Gerais scraped and published an anonymized dataset of 2,052,206,308 messages from 3,167 public Discord servers—about 10 percent of the platform’s open communities—spanning 2015 through 2024 and involving 4,735,057 users. Released alongside their paper “Discord Unveiled: A Comprehensive Dataset of Public Communication (2015–2024),” the corpus aims to fuel research into political discourse, misinformation propagation, moderation strategies, and AI training. To protect privacy, usernames were replaced with pseudonyms, and user and message identifiers were hashed and truncated, but experts warn that such measures often fail to prevent re-identification when conversations are reconstructed. The researchers say that public server data is okay to use for academic studies. However, their methods break Discord’s Terms of Service, which clearly say that you can’t scrape data without written permission. Discord has confirmed an investigation and potential enforcement actions, emphasizing user‐data protection. This release underscores tensions between open‐data research and platform policies, reminding users that “public” online conversations may persist indefinitely and be repurposed beyond their original context \n \n \n https://gizmodo.com/researchers-dump-2-billion-scraped-discord-messages-online-2000605471?utm_source=tldrinfosec \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"6895","kudosSumWeight":2,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDE1MzgtbDl3eXlY?revision=3\"}"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:341468":{"__typename":"Conversation","id":"conversation:341468","topic":{"__typename":"TkbTopicMessage","uid":341468},"lastPostingActivityTime":"2025-05-22T08:24:38.160-07:00","solved":false},"User:user:129412":{"__typename":"User","uid":129412,"login":"Kyle_Fox","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/m_assets/avatars/custom/Frankenstack_11-1706132273780.svg?time=1706132301000"},"id":"user:129412"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDE0NjgtcHRacDFB?revision=3\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDE0NjgtcHRacDFB?revision=3","title":"SIRT_DevCentral.jpg","associationType":"TEASER","width":680,"height":383,"altText":""},"TkbTopicMessage:message:341468":{"__typename":"TkbTopicMessage","subject":"Banking Authentication, Solar, Patch Tuesday, DEF CON","conversation":{"__ref":"Conversation:conversation:341468"},"id":"message:341468","entityType":"TKB_ARTICLE","eventPath":"category:Articles/community:zihoc95639board:security-insights/message:341468","revisionNum":3,"uid":341468,"depth":0,"board":{"__ref":"Tkb:board:security-insights"},"author":{"__ref":"User:user:129412"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" \n ","introduction":"","metrics":{"__typename":"MessageMetrics","views":115},"postTime":"2025-05-22T08:24:38.160-07:00","lastPublishTime":"2025-05-22T08:24:38.160-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Kyle Fox here, back for the week of May 11–17, and yet again it seems to be a week light on news, at least the news we'd report here. My main highlight this week is about Banking Authentication issues, and I also touch on a few other stories of note and as always, there's the roundup at the end. \n \n Banking Authentication Continues to Be Bad \n \n As Jamal Habash wrote last week, the state of bank authentication systems still leaves much to be desired. Major issues still continue to be the lack of TOTP or FIDO2 support; instead banks are still largely relying on SMS, which as we know is interceptable either via SIM swaps or more advanced SS7 attacks. Other issues I have seen are highly restrictive password policies, which I have felt in the past limit the entropy in a password rather than increase it. I think that instead of setting rules like no words or must have special characters, passwords should be measured by the entropy in the password. Other issues are the ever-increasing arms race for password size. One institution I bank with now requires 20 characters in its password, and limits on password length; with another institution I know of still limiting passwords to 16 characters. \n \n So, how do we fix this? Jamal suggests a number of technologies to fix a lot of these issues: \n \n \n Passkeys \n TOTP Support \n Hardware Security Keys \n Secure Recovery Paths \n Password Manager Compatibility \n \n \n The last one highlights an annoying issue I see with banks: They often do not let you paste a password in, or pasting a password in triggers extra checks that make it harder to log in or end up locking you out. Hopefully with more and more industry guidance behind these new methods, things will change for the better, but banks are going to have to be dragged kicking and screaming into that new way. \n \n Researchers Claim Solar Inverters Contain Rogue Implants \n \n Reminiscent of the great Deye bricking last year, researchers are alleging that they have found remote access devices in commercial solar equipment designed for utility scale solar setups. The reports I have seen have been quite light on details about the actual findings, instead mostly containing a lot of background information. Needless to say, I am skeptical for now, until the research is published and we get to see what is actually going on, as opposed to a sensational story like the Supermicro/Bloomberg incident. \n \n Big Patch Tuesday \n \n This week, Microsoft fixed a large number of issues in its monthly \"Patch Tuesday\" including 5 vulnerabilities currently being actively exploited in the wild. The regular patch cadence and somewhat enforced patch installation has continued to make things hard for malware writers as they have to create their own update systems to keep up. \n \n DEF CON Continues To Get More Expensive \n \n As hacker summer camp approaches, we note that DEF CON has climbed in price to $520 at the door. This is certainly not tracking with the previous promise that it would only go up $10 each year. Since I work with a few non-DEF CON-related events and also DEFCON Furs in Las Vegas, I have seen large changes in how contracts are being negotiated for events in the area. Before the pandemic, gaming turnover minimums were only ever hinted at and never actually discussed, and now they are a guiding metric in contract negotiations. It also does not help that Las Vegas has seen a steep decline in tourism lately with uncertainty about international travel to the US. This year will be interesting because of the problems with importing electronic hacking tools and making electronic DEF CON badges. \n \n Roundup: \n \n \n This week's YouTube recommendation is Techmoan, a British presenter who reviews sometimes-old electronics, including the most bizarre surround sound system you have ever seen. \n Once again, a method is being devised to find where cellular devices are, this time using VoLTE. \n Breachforums found liable for $700k over Nonstop Health breach. \n Shop class pays off with careers in the skilled trades. \n Here’s a look into Japan's contactless smartcards. \n Researchers have found two more flaws in branch prediction in Intel CPUs. \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"4279","kudosSumWeight":3,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDE0NjgtcHRacDFB?revision=3\"}"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:341309":{"__typename":"Conversation","id":"conversation:341309","topic":{"__typename":"TkbTopicMessage","uid":341309},"lastPostingActivityTime":"2025-05-15T09:30:13.950-07:00","solved":false},"User:user:72057":{"__typename":"User","uid":72057,"login":"ArvinF","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS03MjA1Ny1ndTdUdTE?image-coordinates=90%2C126%2C444%2C481"},"id":"user:72057"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDEzMDktNjRCd3dJ?revision=3\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDEzMDktNjRCd3dJ?revision=3","title":"f5SIRT_DevCentral.jpg","associationType":"TEASER","width":680,"height":383,"altText":""},"TkbTopicMessage:message:341309":{"__typename":"TkbTopicMessage","subject":"F5 May 2025 QSN, Big dollar cough up, buggy-spy chat apps","conversation":{"__ref":"Conversation:conversation:341309"},"id":"message:341309","entityType":"TKB_ARTICLE","eventPath":"category:Articles/community:zihoc95639board:security-insights/message:341309","revisionNum":3,"uid":341309,"depth":0,"board":{"__ref":"Tkb:board:security-insights"},"author":{"__ref":"User:user:72057"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" \n On May 5th, F5 disclosed 12 issues, 11 Highs, and 1 Medium Severity CVEs for the F5 May 2025 Quarterly Security Notifications. Most of the issues disclosed were classic DoS on BIG-IP products and the BIG-IP NEXT products and are fixed in the latest BIG-IP 17.5, 16.1.6, and most in15.1.10.7 versions and the latest BIG-IP NEXT versions. ","introduction":"","metrics":{"__typename":"MessageMetrics","views":145},"postTime":"2025-05-14T09:29:55.123-07:00","lastPublishTime":"2025-05-15T09:30:13.950-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Hello! ArvinF is your editor for this edition of the F5 SIRT's This Week in Security, covering May 4 - 10. Let's get to it! \n F5 May 2025 QSN - 12 issues, 11 Highs, and 1 Medium Severity CVEs, BIG-IP 17.5 not affected. \n On May 5th, F5 disclosed 12 issues, 11 Highs, and 1 Medium Severity CVEs for the F5 May 2025 Quarterly Security Notifications. Most of the issues disclosed were classic DoS on BIG-IP products and the BIG-IP NEXT products and are fixed in the latest BIG-IP 17.5, 16.1.6, and most in15.1.10.7 versions and the latest BIG-IP NEXT versions. There were two F5OS issues and are both fixed in F5OS-A on rSeries and F5OS-C on VELOS version 1.8.0. There was one BIG-IP CVE that affects Appliance Mode in the Control Plane and requires Authenticated Administrator role privileges before an attempt can be made to abuse the flaw. \n It is recommended to install the fixed BIG-IP and BIG-IP NEXT and F5OS versions to fully fix the vulnerabilities. Mitigation and workarounds are provided when applicable. As for the BIG-IP Appliance Mode control plane issue that requires Authenticated Administrator role privileges (and as for other BIG-IP Control plane issues), follow best practices and ensure to secure access to the BIG-IP management interfaces and allow access only to trusted users and networks. \n K000151008: Quarterly Security Notification (May 2025) \n https://my.f5.com/manage/s/article/K000151008 \n \"Spy\" Chat app maker will have to cough up $168M \n NSO must pay Meta $168M as they win in court for Whatsapp flaw exploitation. The WhatsApp zero-day, zero-click vulnerability was used to deploy spyware, Pegasus, with just a single phone call and no requirement on the victim to do anything other than have their handheld switched on. The spyware can access all the data on the devices, including phone records, emails, messages, and video. It can also see where the device is. It can even let its operator turn on the handset's camera and microphone for clandestine recording. The spyware targeted over a thousand WhatsApp users, including human rights activists, journalists, diplomats, and others in civil society. Meta worked with Citizen Lab to look into the attack and warn the people being attacked. They wanted to learn more about the attack and find ways to protect their devices. The eight-person jury handed out a fine that amounts to nearly three times the NSO’s annual R&D budget, according to Meta's estimates. \n Super spyware maker NSO must pay Meta $168M in WhatsApp court battle \n https://www.theregister.com/2025/05/06/nso_group_meta_verdict/ \n https://about.fb.com/news/2025/05/winning-the-fight-against-spyware-merchant-nso/ \n \"TM SGNL\" Chat app - stores chat logs in plain text in TeleMessage archive servers \n Per the researcher findings, the TeleMessage fake Signal app, called TM SGNL, shows how it works and why it's so insecure. It also analyzed the source code for TM SGNL's Android app, and what led to the conclusion that TeleMessage can access plaintext chat logs. This \"TM SGNL\" Chat app is embroiled in scandal as it was used in the \"Signalgate\" where \"secret military plans were shared in a group text chat that inadvertently included a journalist.\" Analysis of the source code also noted hard-coded credentials and chat logs archives were stored in plain text, and were not re-encrypted. \n Signal chat app clone used by Signalgate's Waltz was apparently an insecure mess \n https://www.theregister.com/2025/05/05/telemessage_investigating/ \n https://micahflee.com/despite-misleading-marketing-israeli-company-telemessage-used-by-trump-officials-can-access-plaintext-chat-logs/ \n Google coughed up $1.375 Billion over Unauthorized Tracking and Biometric Data Collection \n \"The case, originally filed in 2022, related to unlawful tracking and collection of user data, regarding geolocation, incognito searches, and biometric data, tracking users' whereabouts even when the Location History setting was disabled and collecting the biometric data without informed consent.\" \n \"For years, Google secretly tracked people's movements, private searches, and even their voiceprints and facial geometry through their products and services,\" Texas Attorney General Ken Paxton said in a statement. \n \"This $1.375 billion settlement is a major win for Texans' privacy and tells companies that they will pay for abusing our trust.\" \n Last year, Google announced plans to store Maps Timeline data locally on users' devices instead of their Google accounts. The company has also rolled out other privacy controls that allow users to auto-delete location information when the Location History setting is enabled. \n The payment also rivals a $1.4 billion fine that Meta paid Texas to settle a lawsuit over allegations that it illegally collected the biometric data of millions of users without their permission. \n The development comes at a time when Google is the subject of intense regulatory scrutiny on both sides of the Atlantic, facing calls to break up parts of its business to satisfy antitrust concerns.\" \n https://thehackernews.com/2025/05/google-pays-1375-billion-to-texas-over.html \n Big Bucks Crypto eXch shut down over $1.9B Laundering, €34M in Crypto, and 8TB of Data seized \n \"Germany's Federal Criminal Police Office (aka Bundeskriminalamt or BKA) has seized the online infrastructure and shutdown linked to the eXch cryptocurrency exchange over allegations of money laundering and operating a criminal trading platform. The operation was carried out on April 30, 2025, authorities said, adding they also confiscated 8 terabytes worth of data and cryptocurrency assets worth €34 million ($38.25 million) in Bitcoin, Ether, Litecoin, and Dash. \n eXch \"specifically advertised on platforms of the criminal underground economy (UE) that it did not implement any anti-money laundering measures,\" the BKA said in a statement. \n \"Users were neither required to identify themselves to the service, nor was user data stored there. Crypto swapping via eXch was therefore particularly suitable for concealing financial flows.\" \n Cryptocurrency assets worth an estimated $1.9 billion are estimated to have been transferred using the service since its launch. This also includes a portion of the illicit proceeds gained by North Korean threat actors following the Bybit hack earlier this year. \n The development comes as eXch announced its own plans on April 17 to cease operations effective this month, prompting the authorities to secure \"numerous pieces of evidence and leads.\" \n There are more nefarious activities that is masked through the exchanges that happened on eXch - excellent work by the authorities on the shut-down of its operations. \n Germany Shuts Down eXch Over $1.9B Laundering, Seizes €34M in Crypto and 8TB of Data \n https://thehackernews.com/2025/05/germany-shuts-down-exch-over-19b.html \n US DoD SWFT tackling outdated software procurement \n \"The US Department of Defense (DoD) is overhauling its \"outdated\" software procurement systems, and insists it's putting security at the forefront of decision-making processes. \n The DoD established the department's Software Fast Track (SWFT) initiative via a memo, which promised to reform how software is acquired, tested, and authorized. \n Department of Defense Cybersecurity and Supply Chain Risk Management (SCRM) practices within the Department must adapt and keep pace with software development and the increasing complexity and evolution of supply chain risk. \n The DoD's security has been tested in recent times, from malware campaigns targeting procurement systems to defense partners leaking sensitive information for almost two years. \n In various other cases across local and national governments, and the aforementioned case of a sensitive partner breach, software vulnerabilities were singled out as the initial intrusion vector. It's likely that one of the main goals of the SWFT initiative is to ensure fewer and fewer of these stories become reality. \n Also campaigning for more secure government software is the Cybersecurity and Infrastructure Security Agency (CISA)\" \n Pentagon declares war on 'outdated' software buying, opens fire on open-source \n https://www.theregister.com/2025/05/06/us_dod_software_procurement/ \n https://www.theregister.com/2022/10/05/military_contractor_hack/ \n https://blog.lumen.com/hiatusrat-takes-little-time-off-in-a-return-to-action/ \n https://dodcio.defense.gov/Portals/0/Documents/Library/Memo-AcceleratingSecureSoftware.pdf \n https://www.defense.gov/News/Releases/Release/Article/4174350/software-fast-track-initiative/ \n It’s terrifying to be on the other end of a \"swatting\" \n \"A trio alleged to have made various swatting calls in the US and Canada between October 2022 and April 2023. \"The charges are the culmination of an extensive investigation by Merseyside Police working with US law enforcement, including the FBI,\" the FBI launched a public awareness campaign urging the general public to swot up on swattings in case they ever have the misfortune of being on the receiving end of one. Seen by some as a funny prank, these dead-serious calls can lead to untoward incidents with innocent people. \n \"Advanced preparation, including the proactive measures listed below, can help mitigate risks associated with doxing and SWATting attempts. \n \n Exercise effective cyber-security practices online to help protect your sensitive information and mitigate risks associated with your digital footprint. • Consider discussing doxing and SWATting with your family members and have a plan in place in the event of LE contact at your residence. \n \n As always, should you receive any threats to your safety, report these concerns immediately to your local law enforcement agency. In the event you are involved in a doxing or SWATting incident, please notify your local FBI field office as soon as it is feasible. \" \n Three Brits charged over 'active shooter threats' swattings in US, Canada. \n https://www.theregister.com/2025/05/02/three_brits_charged_over_us_swattings/ \n https://www.theregister.com/2025/04/30/fbi_crackdown_on_swatting_not/ \n https://socxfbi.org/SFSA/SFSA/Featured-Articles/Urgent-Safety-Message-from-FBI.aspx \n That's it for now \n This week, we had the F5 May 2025 QSN. It is recommended to upgrade to the fixed F5 versions and implement mitigations and workarounds when applicable. As a general security advise, as seen on the \"Pegasus\" and \"TM SGNL\" news, always update your mobile applications and ensure that the update came from the actual vendor. Mobile phone software is always under scrutiny and research by malicious actors for vulnerabilities that can be taken advantage of to deploy malware that may have financial and privacy impact. Keep your personal information secure by limiting exposure in business and social media sites and read the fine print on sites that intend to gather your data - you can use the \"reject all\" option if it exists. I hope the news I picked is informative and educational. Till next time - Stay Safe and Secure! \n As always, if this is your first TWIS, you can always read past editions. We also encourage you to check out all of the content from the F5 SIRT. ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"11376","kudosSumWeight":1,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDEzMDktNjRCd3dJ?revision=3\"}"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:341193":{"__typename":"Conversation","id":"conversation:341193","topic":{"__typename":"TkbTopicMessage","uid":341193},"lastPostingActivityTime":"2025-05-09T08:18:11.253-07:00","solved":false},"User:user:241262":{"__typename":"User","uid":241262,"login":"MegaZone","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS0yNDEyNjItMTg4ODFpN0U1OEE0RTAwMDg0NDJGMQ"},"id":"user:241262"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDExOTMtU1cxTElS?revision=4\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDExOTMtU1cxTElS?revision=4","title":"SIRT_DevCentral.jpg","associationType":"TEASER","width":680,"height":383,"altText":""},"TkbTopicMessage:message:341193":{"__typename":"TkbTopicMessage","subject":"The Future Soon","conversation":{"__ref":"Conversation:conversation:341193"},"id":"message:341193","entityType":"TKB_ARTICLE","eventPath":"category:Articles/community:zihoc95639board:security-insights/message:341193","revisionNum":4,"uid":341193,"depth":0,"board":{"__ref":"Tkb:board:security-insights"},"author":{"__ref":"User:user:241262"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" \n It's the first May, first of May, outdoor... Oh, hi, didn't see you there. Welcome back, once again, to This Week In Security the weekly (mostly weekly) newsletter where we take the random security news of the week and run it down. I'm your host this week, , and these are the items that happened to catch my eye as I once again drank from the firehose of doom, or security news, same thing. ","introduction":"","metrics":{"__typename":"MessageMetrics","views":167},"postTime":"2025-05-08T08:29:52.736-07:00","lastPublishTime":"2025-05-09T08:18:11.253-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" It's the first May, first of May, outdoor... Oh, hi, didn't see you there. Welcome back, once again, to This Week In Security, the weekly (mostly weekly) newsletter where we take the random security news of the week and run it down. I'm your host this week, MegaZone, and these are the items that happened to catch my eye for the week of April 27th to May 3rd, as I once again drank from the firehose of doom, or security news, same thing. \n But before I jump in, I just need to say... Signalgate. What? Or any of its sequels so far — the latest news is just insane. Just when you think the cybersecurity clown show can't get any worse, or more ridiculous, it does. I suspect that if anyone reading this right now did anything half as inept as some of our most trusted government officials, it would mean instant termination. It's really frustrating working to try to improve security only to see those who should take it the most seriously utterly trashing it. It's disheartening, really. But her emails. \n Anyway, let's jump into it... \n Good Morning Tucson \n It was a few weeks ago, but as this is my first TWIS since, I'm going to talk about VulnCon a bit. VulnCon 2025 was held April 7–10 in Raleigh, NC, for the second year in a row—but it will not be back next year. As revealed at the end of the event, and on the FIRST Events page for 2026 and 2027, VulnCon is moving to Arizona - but actually Scottsdale, not Tucson. It is relocating to the DoubleTree Resort by Hilton, Paradise Valley, held April 13–16, 2026, This is a resort with an attached convention facility, so we'll be able to stay on-site. We'll also have more space, allowing for more content and more attendees. We don't want to grow too quickly, and this facility should be good for at least the next couple of years. \n I’ll miss Raleigh. The last few years have been fun because I’ve been able to explore the area, find interesting places, and go back to some of my favorite places. The McKimmon Center at NC State has been a decent facility for us, but we've outgrown it and needed to find a new place. I've never been to Scottsdale, so that'll be a new experience. \n Back to this year — VulnCon was bigger and better in its second year. I may be biased, as a member of the program committee, but I was impressed by the presentations I personally attended and I've talked to a number of others who felt the same. This year we had four days, up from three, and more simultaneous rooms on most days, meaning a significant overall increase in session count from the first year. Speaking of, most of the sessions should soon be published to YouTube. I was hoping they'd be up by now, but they're not quite ready, so keep an eye on FIRST's YouTube channel for those to be posted soon. The VulnCon 2024 content is there if you want to revisit that. \n Day two had a track largely dedicated to the EU Cyber Resilience Act (CRA), and my colleague Christopher_Pa1 attended all of those sessions as a crash course in the CRA and related issues. I believe his impression when we had lunch together was that the CRA was \"nightmare inducing\". He wrote about it in his issue of TWIS a couple of weeks ago. For a while, I’ve been telling anyone who listens that they need to learn about the CRA and start planning how to handle its rules. If you do any business in the EU, there's a good chance the CRA will impact your business. \n It wasn't a perfect event; we had some glitches and some lessons learned. But overall I think it went well and the issues were pretty minimal for an event in its second year, especially with the growth we experienced. We'll endeavor to continue to improve, and hopefully next year is even better. I'm looking forward to it—VulnCon has become my favorite event of the year. \n \n https://www.first.org/conference/vulncon2025/ \n https://www.first.org/events/# \n https://www.youtube.com/@FIRSTdotorg \n https://digital-strategy.ec.europa.eu/en/policies/cyber-resilience-act \n \n Till the Money Comes \n Another issue my colleague Christopher_Pa1 wrote about a couple of weeks ago, which I'm going to revisit anyway, is the CVE Program and the kerfuffle over funding. As regular TWIS readers are likely aware, I'm on the Board of the CVE Program as the CNA Board Liaison. News of the CVE Program’s demise was greatly exaggerated. To lay things out, there were basically three entities involved: \n \n The CVE Program (CVE.org), run by an independent Board \n CISA, part of DHS, providing the funding to run the CVE Program \n MITRE, the contractor paid to maintain the infrastructure for the CVE Program \n \n Fundamentally, this was a contract dispute between CISA (source of the funding) and MITRE (recipient of the funding), which unfortunately went public when a letter from MITRE to the CVE Board was 'leaked'. Note that the contract wasn’t for CVE specifically, but was a larger contract with covered CVE, CWE, and other efforts than MITRE runs for the US government. \n No one is sure who 'leaked’ MITRE’s letter to the CVE Board, but it did leak and that caused a lot of panic and hyperbolic and inflammatory press coverage. There was really no risk that the program was going to shut down at midnight on April 15. Even though MITER’s contract was ending, the way things are hosted, even if no additional bills were paid, it would have continued to run for a while. The public panic and outcry worked, and that night CISA extended MITRE’s funding for another 11 months. The CVE Program is stable and funded for now. I certainly have an opinion on the most likely source of the leak, and I do not believe anyone on the Board was responsible, but it really isn’t important at this point. \n After the incident, another player entered the picture: The CVE Foundation. The Foundation is a US 501(c)(3) non-profit based in Washington state, formed last year. Full disclosure, I have been involved with the Foundation since last year, when I was approached about it. A majority of the CVE Program Board has been involved for a while. The intention was to explore possible solutions to issues we saw with the program, to strengthen and improve the program overall. The idea was to try to create workable solutions that could then be brought to the program as more than just ideas and concepts, and things were still in fairly early stages. \n TheFoundation’sn effort gelled around a few different things; this is not the first time there have been funding issues, and there have been other issues as well. Some non-US entities are reluctant to participate in the CVE Program because it is viewed as a ‘US government program’, despite the independent board. Relying on a single source of funding has inherent risks, especially when that funding is subject to political whim. There are efforts the CVE Program would like to undertake, but the current budget constraints limit what is possible. We hadn't intended to come forward just yet, as work was still being done on the proposals. \n However, the crisis forced us to unveil the effort before someone else decided to step in with a similar effort. In that first day, we did see several other 'CVE alternatives' proposed, largely based on the reporting that made it sounds like the program was ending imminently. That Tuesday night was a mad scramble of registering an email account, domains, and spinning up a website as fast as possible—which I handled. I also created our Mastodon/Fediverse account, while others set up accounts on other platforms like Bluesky and LinkedIn. (I don't think anyone wanted to touch the cesspit that is 'X' these days.) I am not an officer of the Foundation; I was just in the right place, at the right time, with the right skillset to help out. \n Others have since taken on the day-to-day operations of those properties. The Foundation’s website now contains content explaining what the effort is about, and answering some of the questions that have come up in the past few weeks. Work is still going on to create a formal organization to handle the tasks needed of a Foundation that is now public. These tasks include handling press inquiries and the large amount of email received. \n The plan from the Foundation is to move the CVE Program under the aegis of the non-profit and diversify funding sources. There are already many large industry players who have pledged support to the effort. This would also open the program to global funding, which would help ease the ‘US-centric’ perception which hinders participation. Much work remains to be done, and many discussions with the different parties involved, so I don't expect any fast changes. And it may not come to fruition at all. \n TL,DR; The CVE Program continues as it has. A significant, and growing number of board members feel that the program would be better under the aegis of an independent non-profit with a public funding model. However it plays out, there is no real risk to the program today. \n \n https://www.cve.org/ \n https://www.thecvefoundation.org/ \n \n Still Alive \n I feel like I've been writing something about Salt Typhoon every time it has been my turn in the hot seat for the past year. Of course, it could also be a self-fulfilling thing - I'm covered them so much that I'm very aware of them, so when new articles pop up in my feed, they're more likely to grab my attention. Of course, they have to be perpetually in the news for that to happen. Anyway, after all this time, the news keeps coming. The FBI is asking the public for any tips relating to Salt Typhoon. They're hoping the public can help them find the Chinese hackers who have conducted one of the largest cyberattack campaigns against the US telecom industry to date. And the full extent of the attacks is still being uncovered. \n It should be a wake-up call for the industry, given that companies were caught off guard by the extent of the penetrations into their networks. But companies running critical infrastructure should not be surprised to be the target of nation-state APTs. They're the most obvious targets you could name—telecom, power grid, water supplies, and more If you're a nation state and you're not trying to penetrate the networks of your adversaries, do you even have a cyber program? I think most cybersecurity professionals just take it for granted that these attacks are constant and ongoing. \n \n https://www.cybersecuritydive.com/news/fbi-china-salt-typhoon-hack-telecom-tips/746490/ \n https://www.cybersecuritydive.com/news/salt-typhoon-telecom-hacks-one-of-the-most-consequential-campaigns-against/746870/ \n \n Sticking It to Myself \n Sometimes cybercriminals are higher-skilled, moving through networks undetected, covering their tracks, persisting in the very fabric of the network - like Salt Typhoon. And sometimes they're just complete morons, like these two chuckleheads. \n First there's Jeffrey Bowie, a self-declared 'Cybersecurity CEO' from Edmond, Oklahoma, who was caught red-handed installing malware on hospital PCs. In person - not over the network. This malware was PowerShell code, which would take a screenshot every 20 minutes and upload it to a server. He was seen using not only a system for guests, but also a staff workstation, and malware was consequently found. OK, but that might be a coincidence, so how can we be sure he did it? Because this rocketsurgeon’sn galaxy brain decided to go on LinkedIn to explain himself - wherein he confessed to doing it. That should make life easier for the prosecutor handling his two counts of violating Oklahoma's Computer Crimes Act. I don't know why he thought this would help his case - maybe he was using the Kratom extracts his other company appears to sell. \n And then there is Michael Scheurer, an ex-Disney employee who just got handed a three-year jail term for access Disney IT systems without authorization and basically vandalizing the system used to create menus for restaurants across the Walt Disney World property. He did this after being fired for misconduct, and, rather than accepting this as an adult, he decided to use his knowledge of the systems to obtain access after his termination. But he did a terrible job of covering his tracks, and the access was easily traced back to him. But, taking things from childish to dangerous, he also edited the allergen information on some menus. That could have caused a serious health crisis, even death, had someone unknowingly been exposed to an ingredient they were allergic to. Fortunately, the altered menus were caught before they were distributed. \n Scheurer also ran a DoS attack against Disney’s systems, locking out employees by deliberately trying to authenticate with invalid credentials until the system locked the accounts. Quite a bit of evidence was compiled, and he wisely chose to plead guilty. \n I've seen things like this in the past, and while it might feel good to lash out in the moment, I have never seen it work out for the perpetrator. I remember one incident, from early in my career, when an admin at an ISP was dismissed. On their way out, they subtly misconfigured every system - not enough that they'd fail outright, but that they'd experience annoying problems. For example, reconfiguring a 30-port access server (hey, it was the 90s) to only have 29 IPs in the pool to be assigned. Whenever things got busy and all the lines filled up, the last customer to connect couldn't negotiate successfully as there was no IP available. But you’d only see this if you were the 30th person to connect to that system. As they had many systems when it would fail and the customer tried to reconnect, they may hit a different server and succeed. So it was this annoying, intermittent issue. \n I helped the customer scrub through all of their configurations, looking for this kind of thing, and we found a number of different issues. Most of them I've long since forgotten, but I did admire the knowledge and skill demonstrated - it's a lot harder to make things mostly correct, but just incorrect enough to be a gremlin in the system, than it is to just slash and burn everything. Of course, it was also very obvious who did it and law enforcement was involved. I don't know what eventually happened, but it seemed like a pretty open-and-shut case from where I was sitting. \n \n https://www.theregister.com/2025/04/28/infosec_ceo_accused_of_installing_malware/ \n https://www.theregister.com/2025/04/29/former_disney_employee_jailed/ \n \n Ordinary Man \n A few TWIS stints ago, I covered a story about North Korean agents posing as Western workers to land jobs both to gather intelligence and earn money to support the North Korean regime. Well, that's still going on. CrowdStrike claims that thousands of North Korean agents have infiltrated the Fortune 500. That's pretty serious, but I am amused by the interview question CrowdStrike's Adam Meyers suggested to weed out these agents: \"How fat is Kim Jong Un?” Exploiting their unwillingness to say anything potentially negative about the Supreme Leader, Meyers claims they'll terminate the call immediately. That's clever, but I suspect agents will be trained that it is OK to respond to maintain their cover. \n But maybe they don't even need to maintain a cover, if someone is willing to just outsource their work to North Korea for money. That is what a Maryland man did after landing a job working on US government software. He has plead guilty to conspiracy to commit wire fraud after spending multiple years convincing US companies to hire him as a remote developer, only to outsource the actual work to developers overseas - including someone in China who openly claimed to be North Korean. He went through the interview process to obtain a job working on a contract for the Federal Aviation Administration described as: \"part of a national defense program to develop software used by various other government entities that would allow them to coordinate aviation assets effectively.\" But that's just one of 13 different roles he fraudulently obtained and outsourced, earning more than $970,00 in the process. \n I hope it was worth it, as he faces up to 20 years in prison when sentenced in August. \n \n https://www.theregister.com/2025/04/29/north_korea_worker_interview_questions/ \n https://www.theregister.com/2025/04/30/maryland_man_farming_web_dev/ \n \n Make You Cry \n Another week, another CVSS 10,0 Critical vulnerability. This time it is CVE-2025-31324 in SAP NetWeaver Visual Composer, an unauthenticated file upload vulnerability. And, bonus, it has already landed on the CISA Known Exploited Vulnerabilities (KEV) list. At the time, Shadowserver was reporting 454 vulnerable IPs, but it was also reported that over 7,500 servers were exposed and possibly vulnerable. A fix is available and mitigation was also possible in the meantime. \n \n https://www.cve.org/CVERecord?id=CVE-2025-31324 \n https://www.cybersecuritydive.com/news/critical-vulnerability-sap-netweaver-visual-composer/746614/ \n https://www.scworld.com/news/over-400-servers-found-to-be-exposed-to-sap-netweaver-bug \n \n That Was the Week That Was \n Thank you for your time and attention this week. I hope you found something of value in my ramblings. \n As always, if this is your first TWIS, you can always read past editions. I also encourage you to check out all of the content from the F5 SIRT. ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"18120","kudosSumWeight":1,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDExOTMtU1cxTElS?revision=4\"}"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:341028":{"__typename":"Conversation","id":"conversation:341028","topic":{"__typename":"TkbTopicMessage","uid":341028},"lastPostingActivityTime":"2025-04-30T06:00:00.036-07:00","solved":false},"User:user:56757":{"__typename":"User","uid":56757,"login":"Jordan_Zebor","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS01Njc1Ny0yMjQwNGkxRjU4NUFCNzdBRjYzQTMz"},"id":"user:56757"},"TkbTopicMessage:message:341028":{"__typename":"TkbTopicMessage","subject":"Policy Puppetry, Jumping the Line, and Camels","conversation":{"__ref":"Conversation:conversation:341028"},"id":"message:341028","entityType":"TKB_ARTICLE","eventPath":"category:Articles/community:zihoc95639board:security-insights/message:341028","revisionNum":5,"uid":341028,"depth":0,"board":{"__ref":"Tkb:board:security-insights"},"author":{"__ref":"User:user:56757"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":"","introduction":"","metrics":{"__typename":"MessageMetrics","views":212},"postTime":"2025-04-30T06:00:00.036-07:00","lastPublishTime":"2025-04-30T06:00:00.036-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Notable news for the week of April 20th - April 27th, 2025. This week, your editor is Jordan_Zebor from F5 Security Incident Response Team. This week, I’m diving into some big updates around Generative AI security. \n Every time a new tech wave hits—whether it was social media, crypto, IoT, or now AI—you can bet attackers and security teams are right there, too. The latest threats, like Policy Puppetry and Line Jumping show just how fast things are moving. \n On the flip side, defenses like CaMeL are helping us stay one step ahead. If we want AI systems that people can trust, security engineers have to stay sharp and keep building smarter defenses. \n \n Policy Puppetry: A Universal Prompt Injection Technique \n It seems like weekly, new ways to perform prompt injection are being discovered. Recent research by HiddenLayer has uncovered \"Policy Puppetry,\" a novel prompt injection technique that exploits the way LLMs interpret structured data formats such as XML and JSON. This works because the full context—trusted system instructions and user input alike—is flattened and presented to the LLM without inherent separation (something I will touch on later). By presenting malicious prompts that mimic policy files, attackers can override pre-existing instructions and even extract sensitive information, compromising the integrity of systems powered by LLMs like GPT-4, Claude, and Gemini. \n For security engineers, this discovery underscores a systemic vulnerability tied to LLMs' training data and context interpretation. Existing defenses, such as system prompts, are insufficient on their own to prevent this level of exploitation. The emergence of Policy Puppetry adds to the ongoing discussion about prompt injection as the most significant Generative AI threat vector, highlighting the urgent need for comprehensive safeguards in AI system design and deployment. \n \n MCP Servers and the \"Line Jumping\" Vulnerability \n Trail of Bits uncovered a critical vulnerability in the Model Context Protocol (MCP), a framework used by AI systems to connect with external servers and retrieve tool descriptions. Dubbed \"line jumping,\" this exploit allows malicious MCP servers to embed harmful prompts directly into tool descriptions, which are processed by the AI before any tool is explicitly invoked. By bypassing the protocol’s safeguards, attackers can manipulate system behavior and execute unintended actions, creating a cascading effect that compromises downstream systems and workflows. \n This vulnerability undermines MCP's promises of Tool Safety and Connection Isolation. The protocol is designed to ensure that tools can only cause harm when explicitly invoked with user consent and to limit the impact of any compromised server through isolated connections. However, malicious servers bypass these protections by instructing the model to act as a message relay or proxy, effectively bridging communication between supposedly isolated components. This creates an architectural flaw akin to a security system that activates prevention mechanisms only after intruders have already breached it. \n \n Google's CaMeL: A Defense Against Prompt Injection \n In response to prompt injection threats, Google DeepMind has introduced CaMeL (Capability-based Model Execution Layer), a groundbreaking mechanism designed to enforce control and data flow integrity in AI systems. By associating “capabilities”—metadata that dictate operational limits—with every value processed by the model, CaMeL ensures untrusted inputs cannot exceed their designated influence. Instead of sprinkling more AI magic fairy dust on the problem, this approach leans on solid, well-established security principles concepts into the AI domain. \n By implementing a protective layer around the LLM, developers can reduce risks such as unauthorized operations and unexpected data exfiltration, even if the underlying model remains vulnerable to prompt injection. While CaMeL has not yet been tested broadly, its potential represents a significant advancement toward secure-by-design AI systems, establishing a new architectural standard for mitigating prompt injection vulnerabilities. \n \n That’s it for this week — hope you enjoyed! ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"4246","kudosSumWeight":2,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:332030":{"__typename":"Conversation","id":"conversation:332030","topic":{"__typename":"TkbTopicMessage","uid":332030},"lastPostingActivityTime":"2025-04-30T03:54:28.075-07:00","solved":false},"User:user:71571":{"__typename":"User","uid":71571,"login":"AaronJB","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS03MTU3MS03eU8wS1o?image-coordinates=4%2C0%2C587%2C583"},"id":"user:71571"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzIwMzAtNjR6VUx1?revision=3\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzIwMzAtNjR6VUx1?revision=3","title":"SIRT_DevCentral.jpg","associationType":"TEASER","width":680,"height":383,"altText":""},"TkbTopicMessage:message:332030":{"__typename":"TkbTopicMessage","subject":"CrowdStrike Struck, PHP CVEs, Race to Exploitation Mountain and KEVs","conversation":{"__ref":"Conversation:conversation:332030"},"id":"message:332030","entityType":"TKB_ARTICLE","eventPath":"category:Articles/community:zihoc95639board:security-insights/message:332030","revisionNum":3,"uid":332030,"depth":0,"board":{"__ref":"Tkb:board:security-insights"},"author":{"__ref":"User:user:71571"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" \n ","introduction":"","metrics":{"__typename":"MessageMetrics","views":359},"postTime":"2024-07-24T13:18:26.044-07:00","lastPublishTime":"2024-07-25T07:38:16.298-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Hello! This week, AaronJB is here as your editor looking back at the notable security news of the last week (July 15th through July 21st); I can't avoid talking about CrowdStrike just a little, a couple of PHP vulnerabilities (CVE-2024-4577 and CVE-2017-9841), how long it takes adversaries to weaponise vulnerabilities after a PoC is released, and a few notable CVEs that you should really take action to patch ASAP. \n CrowdStrike Struck \n Let's get it out of the way - I can't not talk about CrowdStrike, at least briefly. I have reason to believe my colleague MegaZone will talk about the aftermath at more length in next week's edition of This Week in Security so I don't want to drag this out too much. \n It can't have escaped anyone's attention that there was a \"global IT outage\" which began on Friday the 19th of July, with Windows computers all over the world blue screening and, in some cases, getting stuck in a reboot loop of BSoDs, after a broken CrowdStrike update was pushed out to their customers. I'm not going to drag on them too much here. We all know that mistakes can happen and sometimes they can have far reaching consequences. McAfee found this out in 2010 when something similar happened after a McAfee update; incidentally, the current CrowdStrike CEO and founder was, then, McAfee's CTO. But I digress... \n What surprised me here is that CrowdStrike updates are - as I understand it - pushed out without any opportunity for control by IT admins. Unlike Windows Updates which can be controlled by corporate policy and are often deployed in a staggered fashion after internal testing, CrowdStrike Rapid Response Content updates are delivered immediately and... that's that. Now that I sit back and think about it, this makes complete sense. Your EDR is responsible for detecting malicious activity on your endpoints, we know that threat actors are continually evolving and implementing new techniques, and you don't want the opportunity to detect that activity to slip by waiting on internal processes so delivering updates in a timely manner is essential - but that opens you up to this kind of problem suddenly impacting a huge number of systems. \n It is hard to see a way to prevent something similar from ever happening again beside a shift away from a single vendor having enormous market dominance. Perhaps companies will need to look at having split solutions with half of every function running one EDR and half running another? I'm sure that in the aftermath of this incident, advice from folks more familiar with running endpoints will come out and. As I said, I'll let MegaZone dive into the aftermath as it is still unravelling! \n PHP still Pretty Happy to Pwn \n PHP popped up in the news last week because multiple threat actors have been seen to exploit CVE-2024-4577 in the wild. The CVE was originally disclosed in early June. My experience is that high profile CVEs are usually weaponised within days or hours rather than months; but this CVE flew under my radar as it impacts only (what I assume to be) a narrow subset of systems - those running Windows with either Chinese or Japanese locales. Still, on those systems it is an RCE and as expected, Akamai researchers saw exploitation begin after only a few hours. \n What caught my eye here, though is that PHP continues to crop up a lot. F5 Lab's recent DDoS report has information taken from our own sensor intel showing that even very old PHP CVEs (CVE-2017-9841) are still being actively scanned for today, In fact, as of the date of that report, it was the second most commonly scanned for vulnerability after a TP-Link RCE (CVE-2023-1389). In the case of PHP, I think this probably demonstrates the market penetration of the language itself but also the poor patch management associated with a vast array of hobby or volunteer-run systems; think of all those phpBB installs out there, all the hobby Wordpress sites, and so on. \n If you run a PHP-based application, you really need to be absolutely on top of your patch strategy! \n Race to exploitation mountain \n (There's an obscure film reference in that title somewhere) I just talked about how my personal experience shows that attackers weaponise (at scale) exploitation of high-value CVEs (usually RCEs in common web frameworks) within 24 hours - we've seen it ourselves, unfortunately - but recent research by Cloudflare shows that the time to exploitation can be as little as 22 minutes after PoCs are made available. Twenty-two minutes! Let that sink in for a second. Even if we assume that PoCs are made available after patches are made available (which isn't always the case), the total delta between patch and exploitation-at-scale could be as little as a few hours. \n Reading that research made it clear to me that it's irresponsible to suggest \"Patch early, patch often\" as a panacea for vulnerabilities and that a layered approach to security has to be the only sensible precaution - even then, if you are relying on negative security approaches (denylisting, WAF signatures) it's quite possible you'll end up behind the curve. \n My first thought, then, is that for public services, we need to make better progress toward positive security as a default security model - allow only what is expected and disallow everything else. That approach comes with a huge set of challenges; keeping security policies in sync with the application, building those policies for existing applications, and managing false positives to ensure a good user experience. Those challenges need financial backing to solve, even where the tooling is already available (NGINX App Protect policies easily integrates with a CI/CD pipeline, for example), but how long can we continue hoping the current game of whack-a-mole is successful? \n Notable patches \n Finally, a few notable patches from the last week: \n \n CVE-2024-36401: Affecting GeoServer GeoTools, this is a 9.8 Critical unautneticated remote code execution (RCE) added to CISA's Known Exploited Vulnerabilities list (KEV) last week \n SolarWinds patched eight Critical severity vulnerabilities in Access Rights Manager, six of which were RCEs - CVE-2024-23469, CVE-2024-23466, CVE-2024-23467, CVE-2024-28074, CVE-2024-23471, and CVE-2024-23470 \n CISA also added CVE-2024-28995, another SolarWinds vulnerability but this time in Serv-U to the KEV \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"6435","kudosSumWeight":5,"repliesCount":2,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzIwMzAtNjR6VUx1?revision=3\"}"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:335627":{"__typename":"Conversation","id":"conversation:335627","topic":{"__typename":"TkbTopicMessage","uid":335627},"lastPostingActivityTime":"2025-04-29T10:43:09.705-07:00","solved":false},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzU2MjctbWVKUzF2?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzU2MjctbWVKUzF2?revision=2","title":"SIRT_DevCentral.jpg","associationType":"TEASER","width":680,"height":383,"altText":""},"TkbTopicMessage:message:335627":{"__typename":"TkbTopicMessage","subject":"Cybersecurity Awareness Month, Pokémon and Oracle's CPU","conversation":{"__ref":"Conversation:conversation:335627"},"id":"message:335627","entityType":"TKB_ARTICLE","eventPath":"category:Articles/community:zihoc95639board:security-insights/message:335627","revisionNum":2,"uid":335627,"depth":0,"board":{"__ref":"Tkb:board:security-insights"},"author":{"__ref":"User:user:172154"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" \n ","introduction":"","metrics":{"__typename":"MessageMetrics","views":172},"postTime":"2024-10-22T11:46:46.178-07:00","lastPublishTime":"2024-10-22T11:46:46.178-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Notable news for the week of Oct 13 th – 19 th , 2024. This week, your editor is Lior from F5 Security Incident Response Team. This month is security awareness month which is always a good opportunity to understand if we are in the right direction and improving security. The CiSA cyber security awareness month page includes a report “Cybersecurity Awareness Month 2024 Guide” that provides some insights on the above question. The good news: 84% of people considered online safety a priority. 69% of people express confidence in their ability to identify phishing attempts . But: Only 38% of people use unique passwords for all their accounts. Only 36% of people always install software updates when they become available. So, are we getting better? Yes, we are, but we always have ways to improve, so we hope to improve, until next time, keep it safe. Lior. \n \n Iranian hackers now exploit Windows flaw to elevate privileges \n The Iranian hacking group APT34 (OilRig) is exploiting a Windows flaw (CVE-2024-30088) to elevate privileges during cyberattacks targeting critical infrastructure in the UAE and Gulf region. The attackers use this vulnerability to gain SYSTEM-level control, deploy backdoors, and steal credentials from Microsoft Exchange servers. They also intercept passwords and use stealthy tools like ngrok to facilitate exfiltration. The attacks are highly sophisticated and could have serious consequences for the affected energy sector. For more details, visit BleepingComputer. \n \n Jetpack fixes critical information disclosure flaw existing since 2016 \n The WordPress plugin Jetpack patched a critical information disclosure vulnerability that existed since 2016. This flaw allowed logged-in users to access data from forms submitted by other site visitors. The issue, affecting all versions of Jetpack since version 3.9.9, was discovered during an internal audit. Though no evidence suggests exploitation in the wild, Jetpack advises users to update to the latest version to prevent potential future attacks. For more details, visit BleepingComputer. \n \n Oracle Patches Over 200 Vulnerabilities With October 2024 CPU \n Oracle's October 2024 Critical Patch Update (CPU) addressed over 200 vulnerabilities, including 334 security patches for various products. Of these, 186 fixes involved flaws that could be exploited remotely without authentication. Products like Oracle Communications, MySQL, Fusion Middleware, and E-Business Suite received the most patches. Oracle emphasizes the importance of timely patching, as threat actors have previously exploited known vulnerabilities in Oracle software. \n For more details, visit SecurityWeek. \n \n Pokemon dev Game Freak confirms breach after stolen data leaks online \n Game Freak, the developer behind Pokémon, confirmed a data breach in August 2024 after source code and game designs for unreleased titles were leaked online. While the leak's full extent isn't confirmed, Game Freak acknowledged that personal information of employees, contractors, and former staff was exposed. There is no evidence that player data was impacted. The company has since enhanced security measures and is working to prevent similar incidents. \n For more details, visit BleepingComputer. \n \n CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability \n A critical vulnerability (CVE-2024-28987) in SolarWinds Web Help Desk software, recently added to CISA’s Known Exploited Vulnerabilities list. The flaw involves hardcoded credentials that can be exploited remotely to access and modify sensitive data, including help desk tickets. Due to active exploitation, federal agencies are mandated to apply updates by November 5, 2024, to mitigate the risk. For more details, visit The Hacker News. \n \n Malicious ads exploited Internet Explorer zero day to drop malware \n North Korean hacking group ScarCruft exploited a zero-day vulnerability in Internet Explorer (CVE-2024-38178) via malicious ads to distribute RokRAT malware. The attack used \"toast\" pop-up ads in compromised software, allowing malware to execute without user interaction. The malware exfiltrates sensitive data, logs keystrokes, and takes screenshots, targeting South Korean users. Although Microsoft patched the flaw in August 2024, the persistence of outdated components in software increases the risk for further exploitation. For more details, visit BleepingComputer. \n \n From Misuse to Abuse: AI Risks and Attacks \n Let’s discuss the risks and real-world attacks related to AI misuse and abuse in cybercrime. While AI threats are often sensationalized, attackers are still learning to harness AI effectively. Currently, AI is used for tasks like writing phishing emails and generating malicious code. A significant risk lies in abusing customizable GPTs, exposing sensitive data or proprietary information. The article also highlights specific vulnerabilities in AI systems, such as prompt injections, data leakage, and infrastructure manipulation. For more details, visit The Hacker News. \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"5168","kudosSumWeight":2,"repliesCount":1,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzU2MjctbWVKUzF2?revision=2\"}"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:340956":{"__typename":"Conversation","id":"conversation:340956","topic":{"__typename":"TkbTopicMessage","uid":340956},"lastPostingActivityTime":"2025-04-23T08:00:00.071-07:00","solved":false},"TkbTopicMessage:message:340956":{"__typename":"TkbTopicMessage","subject":"VulnCon 2025, EU CRA, CVE funding, Smishing Kit","conversation":{"__ref":"Conversation:conversation:340956"},"id":"message:340956","entityType":"TKB_ARTICLE","eventPath":"category:Articles/community:zihoc95639board:security-insights/message:340956","revisionNum":2,"uid":340956,"depth":0,"board":{"__ref":"Tkb:board:security-insights"},"author":{"__ref":"User:user:217342"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":"","introduction":"","metrics":{"__typename":"MessageMetrics","views":169},"postTime":"2025-04-23T08:00:00.071-07:00","lastPublishTime":"2025-04-23T08:00:00.071-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Notable security news for the week of April 13th through April 20th. Your editor this week is Chris from the F5 Security Incident Response Team. A bit of a different format this week as I was in Raleigh for VulnCon 2025 the previous week. I will discuss highlights from that as well as notable events from the past week. \n \n VulnCon 2025 \n The 2025 Vulnerability Management Ecosystem Collaboration, Ideation, and Action Conference (aka “VulnCon”), which was sponsored by FIRST and the CVE Program, was held from April 7th through April 10th this year. The aim of this conference is to promote collaboration between various vulnerability management and cybersecurity professionals to better help the whole cybersecurity ecosystem. Key topics that were highlighted this year were the EU's Cyber Resilience Act (CRA), Vulnerability Exploitability eXchange (VEX), Cybersecurity Assurance Framework (CSAF), and publishing more complete CVE records or Vulnrichment. I will discuss the CRA in the next paragraph. VEX facilitates the exchange of vulnerability information, fostering collaboration to swiftly address emerging threats. Concurrently, CSAF ensures a standardized approach to cybersecurity practices. One of the pushes that was discussed was to get security scanners to start ingesting VEX to help decrease the amount of false positives and focus more on vulnerabilities that are exploitable. As for Vulnrichment, it is alarming that a large number of CVEs that are disclosed every year do not include Common Weakness Enumerations (CWE) or Common Vulnerability Scoring System (CVSS) scores. I agree that adding this information at a minimum would be very beneficial to both the consumers as well as the vendor. The vendor is in the best position to assign these in a more accurate manner since they are most familiar with the products. \n https://www.first.org/conference/vulncon2025/ \n https://openssf.org/blog/2023/09/07/vdr-vex-openvex-and-csaf/ \n \n EU Cyber Resilience Act (CRA) \n The Cyber Resilience Act introduces mandatory cybersecurity requirements for hardware and software products, throughout their whole lifecycle. The main goals of this act are to ensure that products with digital elements placed on the EU market have fewer vulnerabilities that Manufacturers remain responsible for cybersecurity throughout a product’s life cycle, improve transparency on security of hardware and software products and bring benefits to business users and consumers from better protection. Products will bear the CE marking as is common with many other products sold, which means they have been assessed to meet high safety, health, and environmental protection requirements. \n The three main roles that are laid out are: \n \n Manufacturers: If you develop or manufacture products with \"digital elements\" for sale in the EU. \n Open-Source Software (OSS) Stewards: Entity other than a manufacturer that provides support on a sustained basis for the development of specific products with digital elements, qualifying as free and open-source software and intended for commercial activities, and that ensures the viability of those products. Examples of this would be the Linux Foundation, Apache Foundation, etc.... \n OSS Developers: Upstream maintainer or developer of open-source software that is used by the manufacturer. \n \n The key point to note in this distinction of these three roles is that if there is a vulnerability exploited in open-source software, the manufacturer is the one held liable. The OSS Steward and the OSS Developers are not being held liable. This makes it a good idea to develop working relationships with the OSS upstream developers for when emergencies do arise. Now to focus on the manufacturer requirements. I will not touch all of them as the CRA is a large document but will point out some of the key topics. Secure-By-Default and Secure-By-Design principles will now be a requirement and not just a pledge. Products with digital elements shall be delivered without any known exploitable vulnerabilities. Manufacturers will need to provide evidence that the product was checked before release. A risk assessment will need to be provided with the product and the contents of that assessment are laid out in Annex I of the document. Manufactures must be able to provide SBOMS in either SPDX or CycloneDX format at the request of authorities. Manufacturers must , address and remediate vulnerabilities without delay, which includes providing security updates. Manufacturers must provide support for a minimum of 5 years, including security updates and that each security update remains available after it has been issued for a minimum of 10 years or for the remainder of the support period, whichever is longer. \n There are also reporting requirements. Highlight a couple of them; they pertain to actively exploited vulnerabilities and severe incidents having an impact on the security of the product. An early warning notification of an actively exploited vulnerability or severe incident, without undue delay and in any event within 24 hours of the manufacturer becoming aware of it. Then \"an incident notification, without undue delay and in any event within 72 hours of the manufacturer becoming aware of the incident, which shall provide general information, where available, about the nature of the incident, an initial assessment of the incident, as well as any corrective or mitigating measures taken, and corrective or mitigating measures that users can take, and which shall also indicate, where applicable, how sensitive the manufacturer considers the notified information to be\". That was taken from the document and you can see how thorough they are being when detailing what to report. The final report will need to be submitted by 14 days for active exploits and one month for severe incidents. Then to explain where to report: \"The notification shall be submitted using the electronic notification end-point of the CSIRT designated as coordinator of the Member State where the manufacturers have their main establishment in the Union and shall be simultaneously accessible to ENISA\". This means that the manufacturer will need to choose one of the European country's CSIRT teams to be the point of contact. \n As for the consequences of non-compliance, the EU is not playing around with that either: \n \n Non-compliance with the essential cybersecurity requirements set out in Annex I and the obligations set out in Articles 13 and 14 shall be subject to administrative fines of up to EUR 15,000,000 or, if the offender is an undertaking, up to 2.5% of its total worldwide annual turnover for the preceding financial year, whichever is higher. \n Non-compliance with the obligations set out in Articles 18 to 23, Article 28, Article 30(1) to (4), Article 31(1) to (4), Article 32(1), (2) and (3), Article 33(5), and Articles 39, 41, 47, 49 and 53 shall be subject to administrative fines of up to EUR 10,000,000 or, if the offender is an undertaking, up to 2% of its total worldwide annual turnover for the preceding financial year, whichever is higher. \n The supply of incorrect, incomplete or misleading information to notified bodies and market surveillance authorities in reply to a request shall be subject to administrative fines of up to EUR 5,000,000 or, if the offender is an undertaking, up to 1% of its total worldwide annual turnover for the preceding financial year, whichever is higher. \n \n To explain those bullet points more simply, everything I mentioned above about manufacturer requirements and reporting all fall under Annex I or Articles 13 and 14 so would be subject to the most severe penalties per incident. \n As for the timelines of this act, the CRA was officially adopted on October 10, 2024, and entered into force on December 10, 2024. However, the CRA's main obligations will apply starting from December 11, 2027. Some earlier obligations will apply, such as the reporting of vulnerabilities and severe incidents, starting from September 11, 2026. Additionally, the rules on conformity assessment bodies will be applicable from June 11, 2026. \n https://digital-strategy.ec.europa.eu/en/policies/cyber-resilience-act \n https://github.com/SecurityCRob/presentations/blob/main/CRA%20PSIRT%20TL_DR.pdf \n \n CVE Program Funding \n The Common Vulnerabilities and Exposures (CVE) program, managed by MITRE, was facing funding expiration on April 16, 2025. The program is essential for identifying and tracking security vulnerabilities in software and hardware. Without funding, the CVE program would stop adding new vulnerabilities, which could lead to significant impacts on national vulnerability databases, cybersecurity tools, incident response operations, and critical infrastructure. MITRE's Vice President Yosry Barsoum expressed hope that the government is making efforts to continue supporting the program. Luckily, the Department of Homeland Security's (DHS) Cybersecurity & Infrastructure Security Agency (CISA) was able to secure funding at the last moment, to fund the program for 11 more months. This is despite ongoing budget and staffing cuts to CISA by the current administration. \n The cybersecurity community has expressed concern over the potential loss of the CVE program, emphasizing its importance in standardizing vulnerability information and aiding in the timely patching of security flaws. On April 16, MITRE announced the creation of a non-profit entity called \"The CVE Foundation\" to continue the program's work under a new funding mechanism. \n https://krebsonsecurity.com/2025/04/funding-expires-for-key-cyber-vulnerability-database/ \n \n The CVE Foundation \n The CVE Foundation was launched to secure the future of the CVE Program. The CVE Foundation was formally established on April 16, 2025, to ensure the long-term viability, stability, and independence of the Common Vulnerabilities and Exposures (CVE) Program. The CVE Program has been a U.S. government-funded initiative for 25 years, raising concerns about sustainability and neutrality due to its reliance on a single government sponsor. MITRE notified the CVE Board on April 15, 2025, that the U.S. government would not renew its contract for managing the program. In response, a coalition of CVE Board members developed a strategy to transition CVE to a dedicated, non-profit foundation to continue delivering high-quality vulnerability identification. CVE identifiers and data are crucial for cybersecurity professionals worldwide, aiding in security tools, advisories, threat intelligence, and response. Going forward, the CVE Foundation aims to eliminate a single point of failure in the vulnerability management ecosystem and ensure the CVE Program remains globally trusted and community-driven. \n https://www.thecvefoundation.org/home \n \n Pay Your Tolls!! \n About 3 and a half years ago, I was driving into Denver on Interstate 70 coming from the East. I had no need to drive through Denver as I was heading north through Wyoming anyway. Well, a few miles before the city there was an offramp for E-470, a toll highway that would bypass Denver and connect to I-25 a few miles north of the city. I had never used a toll highway before since I live in Eastern Washington where they are unheard of. I was picturing a scene out of a movie where you pull up to a booth and pay an attendant. I was surprised as I merged onto the highway and everyone was driving at 60+ MPH. I saw a sign that stated the system used E-ZPass and would scan the license plate. Fast forward a few months and I receive a bill in the mail from E-ZPass, a pretty nice way to bypass driving through the middle of a large city, I thought. \n Now, unfortunately, a smishing campaign is targeting that same system to trick victims into giving them their payment information. Since mid-October 2024, multiple financially motivated threat actors have been using a smishing kit developed by \"Wang Duo Yu\" to target toll road users in eight U.S. states. The campaign impersonates U.S. electronic toll collection systems like E-ZPass, sending SMS messages and Apple iMessages about unpaid tolls, urging recipients to click on fake links. Victims are prompted to solve a fake CAPTCHA challenge and enter personal and financial information on fraudulent pages, which is then siphoned off to the threat actors. Wang Duo Yu, a computer science student in China, is alleged to be the creator of the phishing kits used by the Smishing Triad, a Chinese organized cybercrime group. The Smishing Triad has conducted large-scale smishing attacks targeting postal services in 121 countries, using failed package delivery lures to harvest personal and financial information. Services like Oak Tel facilitate smishing on a global scale, allowing cybercriminals to send bulk SMS and manage campaigns efficiently. \n I have personally received 2 or 3 of these over the past few months. Luckily, I know the one time I drove on a toll road, so it was obvious to me that this was fake. I worry about people that are using these systems more regularly that may fall victim. \n https://thehackernews.com/2025/04/chinese-smishing-kit-behind-widespread.html ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"13625","kudosSumWeight":2,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"CachedAsset:text:en_US-components/community/Navbar-1749755793086":{"__typename":"CachedAsset","id":"text:en_US-components/community/Navbar-1749755793086","value":{"community":"Community Home","inbox":"Inbox","manageContent":"Manage Content","tos":"Terms of Service","forgotPassword":"Forgot Password","themeEditor":"Theme Editor","edit":"Edit Navigation Bar","skipContent":"Skip to content","migrated-link-9":"Groups","migrated-link-7":"Technical Articles","migrated-link-8":"DevCentral News","migrated-link-1":"Technical Forum","migrated-link-10":"Community Groups","migrated-link-2":"Water Cooler","migrated-link-11":"F5 Groups","Common-external-link":"How Do I...?","migrated-link-0":"Forums","article-series":"Article Series","migrated-link-5":"Community Articles","migrated-link-6":"Articles","security-insights":"Security Insights","migrated-link-3":"CrowdSRC","migrated-link-4":"CodeShare","migrated-link-12":"Events","migrated-link-13":"Suggestions"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarHamburgerDropdown-1749755793086":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarHamburgerDropdown-1749755793086","value":{"hamburgerLabel":"Side Menu"},"localOverride":false},"CachedAsset:text:en_US-components/community/BrandLogo-1749755793086":{"__typename":"CachedAsset","id":"text:en_US-components/community/BrandLogo-1749755793086","value":{"logoAlt":"Khoros","themeLogoAlt":"Brand Logo"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarTextLinks-1749755793086":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarTextLinks-1749755793086","value":{"more":"More"},"localOverride":false},"CachedAsset:text:en_US-components/authentication/AuthenticationLink-1749755793086":{"__typename":"CachedAsset","id":"text:en_US-components/authentication/AuthenticationLink-1749755793086","value":{"title.login":"Sign In","title.registration":"Register","title.forgotPassword":"Forgot Password","title.multiAuthLogin":"Sign In"},"localOverride":false},"CachedAsset:text:en_US-components/nodes/NodeLink-1749755793086":{"__typename":"CachedAsset","id":"text:en_US-components/nodes/NodeLink-1749755793086","value":{"place":"Place {name}"},"localOverride":false},"CachedAsset:text:en_US-components/tags/TagSubscriptionAction-1749755793086":{"__typename":"CachedAsset","id":"text:en_US-components/tags/TagSubscriptionAction-1749755793086","value":{"success.follow.title":"Following Tag","success.unfollow.title":"Unfollowed Tag","success.follow.message.followAcrossCommunity":"You will be notified when this tag is used anywhere across the community","success.unfollowtag.message":"You will no longer be notified when this tag is used anywhere in this place","success.unfollowtagAcrossCommunity.message":"You will no longer be notified when this tag is used anywhere across the community","unexpected.error.title":"Error - Action Failed","unexpected.error.message":"An unidentified problem occurred during the action you took. Please try again later.","buttonTitle":"{isSubscribed, select, true {Unfollow} false {Follow} other{}}","unfollow":"Unfollow"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/QueryHandler-1749755793086":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/QueryHandler-1749755793086","value":{"title":"Query Handler"},"localOverride":false},"Category:category:top":{"__typename":"Category","id":"category:top","nodeType":"category"},"CachedAsset:text:en_US-components/community/NavbarDropdownToggle-1749755793086":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarDropdownToggle-1749755793086","value":{"ariaLabelClosed":"Press the down arrow to open the menu"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageListTabs-1749755793086":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageListTabs-1749755793086","value":{"mostKudoed":"{value, select, IDEA {Most Votes} other {Most Likes}}","mostReplies":"Most Replies","mostViewed":"Most Viewed","newest":"{value, select, IDEA {Newest Ideas} OCCASION {Newest Events} other {Newest Topics}}","newestOccasions":"Newest Events","mostRecent":"Most Recent","noReplies":"No Replies Yet","noSolutions":"No Solutions Yet","solutions":"Solutions","mostRecentUserContent":"Most Recent","trending":"Trending","draft":"Drafts","spam":"Spam","abuse":"Abuse","moderation":"Moderation","tags":"Tags","PAST":"Past","UPCOMING":"Upcoming","sortBymostRecent":"Sort By Most Recent","sortBymostRecentUserContent":"Sort By Most Recent","sortBymostKudoed":"Sort By Most Likes","sortBymostReplies":"Sort By Most Replies","sortBymostViewed":"Sort By Most Viewed","sortBynewest":"Sort By Newest Topics","sortBynewestOccasions":"Sort By Newest Events","otherTabs":" Messages list in the {tab} for {conversationStyle}","guides":"Guides","archives":"Archives"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageView/MessageViewInline-1749755793086":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageView/MessageViewInline-1749755793086","value":{"bylineAuthor":"{bylineAuthor}","bylineBoard":"{bylineBoard}","anonymous":"Anonymous","place":"Place {bylineBoard}","gotoParent":"Go to parent {name}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Pager/PagerLoadMore-1749755793086":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Pager/PagerLoadMore-1749755793086","value":{"loadMore":"Show More"},"localOverride":false},"CachedAsset:text:en_US-components/customComponent/CustomComponent-1749755793086":{"__typename":"CachedAsset","id":"text:en_US-components/customComponent/CustomComponent-1749755793086","value":{"errorMessage":"Error rendering component id: {customComponentId}","bannerTitle":"Video provider requires cookies to play the video. Accept to continue or {url} it directly on the provider's site.","buttonTitle":"Accept","urlText":"watch"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/OverflowNav-1749755793086":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/OverflowNav-1749755793086","value":{"toggleText":"More"},"localOverride":false},"CachedAsset:text:en_US-components/users/UserLink-1749755793086":{"__typename":"CachedAsset","id":"text:en_US-components/users/UserLink-1749755793086","value":{"authorName":"View Profile: {author}","anonymous":"Anonymous"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageSubject-1749755793086":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageSubject-1749755793086","value":{"noSubject":"(no subject)"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageTime-1749755793086":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageTime-1749755793086","value":{"postTime":"Published: {time}","lastPublishTime":"Last Update: {time}","conversation.lastPostingActivityTime":"Last posting activity time: {time}","conversation.lastPostTime":"Last post time: {time}","moderationData.rejectTime":"Rejected time: {time}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/nodes/NodeIcon-1749755793086":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/nodes/NodeIcon-1749755793086","value":{"contentType":"Content Type {style, select, FORUM {Forum} BLOG {Blog} TKB {Knowledge Base} IDEA {Ideas} OCCASION {Events} other {}} icon"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageUnreadCount-1749755793086":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageUnreadCount-1749755793086","value":{"unread":"{count} unread","comments":"{count, plural, one { unread comment} other{ unread comments}}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageViewCount-1749755793086":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageViewCount-1749755793086","value":{"textTitle":"{count, plural,one {View} other{Views}}","views":"{count, plural, one{View} other{Views}}"},"localOverride":false},"CachedAsset:text:en_US-components/kudos/KudosCount-1749755793086":{"__typename":"CachedAsset","id":"text:en_US-components/kudos/KudosCount-1749755793086","value":{"textTitle":"{count, plural,one {{messageType, select, IDEA{Vote} other{Like}}} other{{messageType, select, IDEA{Votes} other{Likes}}}}","likes":"{count, plural, one{like} other{likes}}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageRepliesCount-1749755793086":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageRepliesCount-1749755793086","value":{"textTitle":"{count, plural,one {{conversationStyle, select, IDEA{Comment} OCCASION{Comment} other{Reply}}} other{{conversationStyle, select, IDEA{Comments} OCCASION{Comments} other{Replies}}}}","comments":"{count, plural, one{Comment} other{Comments}}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageBody-1749755793086":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageBody-1749755793086","value":{"showMessageBody":"Show More","mentionsErrorTitle":"{mentionsType, select, board {Board} user {User} message {Message} other {}} No Longer Available","mentionsErrorMessage":"The {mentionsType} you are trying to view has been removed from the community.","videoProcessing":"Video is being processed. Please try again in a few minutes.","bannerTitle":"Video provider requires cookies to play the video. Accept to continue or {url} it directly on the provider's site.","buttonTitle":"Accept","urlText":"watch"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/users/UserAvatar-1749755793086":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/users/UserAvatar-1749755793086","value":{"altText":"{login}'s avatar","altTextGeneric":"User's avatar"},"localOverride":false}}}},"page":"/tags/TagPage/TagPage","query":{"tagName":"TWIS"},"buildId":"3XH0qYWYCnEYycuN5W4S8","runtimeConfig":{"buildInformationVisible":false,"logLevelApp":"info","logLevelMetrics":"info","surveysEnabled":true,"openTelemetry":{"clientEnabled":false,"configName":"f5","serviceVersion":"25.4.0","universe":"prod","collector":"http://localhost:4318","logLevel":"error","routeChangeAllowedTime":"5000","headers":"","enableDiagnostic":"false","maxAttributeValueLength":"4095"},"apolloDevToolsEnabled":false,"quiltLazyLoadThreshold":"3"},"isFallback":false,"isExperimentalCompile":false,"dynamicIds":["components_customComponent_CustomComponent","components_community_Navbar_NavbarWidget","components_community_Breadcrumb_BreadcrumbWidget","components_tags_TagsHeaderWidget","components_messages_MessageListForNodeByRecentActivityWidget","components_tags_TagSubscriptionAction","components_customComponent_CustomComponentContent_TemplateContent","shared_client_components_common_List_ListGroup","components_messages_MessageView","components_messages_MessageView_MessageViewInline","shared_client_components_common_Pager_PagerLoadMore","components_customComponent_CustomComponentContent_HtmlContent","components_customComponent_CustomComponentContent_CustomComponentScripts"],"appGip":true,"scriptLoader":[]}