"}},"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/community/NavbarDropdownToggle\"]})":[{"__ref":"CachedAsset:text:en_US-components/community/NavbarDropdownToggle-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/common/OverflowNav\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/common/OverflowNav-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageView/MessageViewInline\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageView/MessageViewInline-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/users/UserLink\"]})":[{"__ref":"CachedAsset:text:en_US-components/users/UserLink-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageSubject\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageSubject-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageBody\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageBody-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageTime\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageTime-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/nodes/NodeIcon\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/nodes/NodeIcon-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageUnreadCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageUnreadCount-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageViewCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageViewCount-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/kudos/KudosCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/kudos/KudosCount-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageRepliesCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageRepliesCount-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/users/UserAvatar\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/users/UserAvatar-1728320186000"}]},"CachedAsset:pages-1737020476965":{"__typename":"CachedAsset","id":"pages-1737020476965","value":[{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"BlogViewAllPostsPage","type":"BLOG","urlPath":"/category/:categoryId/blog/:boardId/all-posts/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"CasePortalPage","type":"CASE_PORTAL","urlPath":"/caseportal","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"CreateGroupHubPage","type":"GROUP_HUB","urlPath":"/groups/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"CaseViewPage","type":"CASE_DETAILS","urlPath":"/case/:caseId/:caseNumber","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"InboxPage","type":"COMMUNITY","urlPath":"/inbox","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"HelpFAQPage","type":"COMMUNITY","urlPath":"/help","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"IdeaMessagePage","type":"IDEA_POST","urlPath":"/idea/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"IdeaViewAllIdeasPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId/all-ideas/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"LoginPage","type":"USER","urlPath":"/signin","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"BlogPostPage","type":"BLOG","urlPath":"/category/:categoryId/blogs/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"ThemeEditorPage","type":"COMMUNITY","urlPath":"/designer/themes","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"TkbViewAllArticlesPage","type":"TKB","urlPath":"/category/:categoryId/kb/:boardId/all-articles/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"OccasionEditPage","type":"EVENT","urlPath":"/event/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"OAuthAuthorizationAllowPage","type":"USER","urlPath":"/auth/authorize/allow","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"PageEditorPage","type":"COMMUNITY","urlPath":"/designer/pages","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"PostPage","type":"COMMUNITY","urlPath":"/category/:categoryId/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"ForumBoardPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"TkbBoardPage","type":"TKB","urlPath":"/category/:categoryId/kb/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"EventPostPage","type":"EVENT","urlPath":"/category/:categoryId/events/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"UserBadgesPage","type":"COMMUNITY","urlPath":"/users/:login/:userId/badges","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"GroupHubMembershipAction","type":"GROUP_HUB","urlPath":"/membership/join/:nodeId/:membershipType","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"IdeaReplyPage","type":"IDEA_REPLY","urlPath":"/idea/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"UserSettingsPage","type":"USER","urlPath":"/mysettings/:userSettingsTab","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"GroupHubsPage","type":"GROUP_HUB","urlPath":"/groups","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"ForumPostPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"OccasionRsvpActionPage","type":"OCCASION","urlPath":"/event/:boardId/:messageSubject/:messageId/rsvp/:responseType","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"VerifyUserEmailPage","type":"USER","urlPath":"/verifyemail/:userId/:verifyEmailToken","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"AllOccasionsPage","type":"OCCASION","urlPath":"/category/:categoryId/events/:boardId/all-events/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"EventBoardPage","type":"EVENT","urlPath":"/category/:categoryId/events/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"TkbReplyPage","type":"TKB_REPLY","urlPath":"/kb/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"IdeaBoardPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"CommunityGuideLinesPage","type":"COMMUNITY","urlPath":"/communityguidelines","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"CaseCreatePage","type":"SALESFORCE_CASE_CREATION","urlPath":"/caseportal/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"TkbEditPage","type":"TKB","urlPath":"/kb/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"ForgotPasswordPage","type":"USER","urlPath":"/forgotpassword","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"IdeaEditPage","type":"IDEA","urlPath":"/idea/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"TagPage","type":"COMMUNITY","urlPath":"/tag/:tagName","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"BlogBoardPage","type":"BLOG","urlPath":"/category/:categoryId/blog/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"OccasionMessagePage","type":"OCCASION_TOPIC","urlPath":"/event/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"ManageContentPage","type":"COMMUNITY","urlPath":"/managecontent","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"ClosedMembershipNodeNonMembersPage","type":"GROUP_HUB","urlPath":"/closedgroup/:groupHubId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"CommunityPage","type":"COMMUNITY","urlPath":"/","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"ForumMessagePage","type":"FORUM_TOPIC","urlPath":"/discussions/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"IdeaPostPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"BlogMessagePage","type":"BLOG_ARTICLE","urlPath":"/blog/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"RegistrationPage","type":"USER","urlPath":"/register","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"EditGroupHubPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"ForumEditPage","type":"FORUM","urlPath":"/discussions/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"ResetPasswordPage","type":"USER","urlPath":"/resetpassword/:userId/:resetPasswordToken","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"TkbMessagePage","type":"TKB_ARTICLE","urlPath":"/kb/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"BlogEditPage","type":"BLOG","urlPath":"/blog/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"ManageUsersPage","type":"USER","urlPath":"/users/manage/:tab?/:manageUsersTab?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"ForumReplyPage","type":"FORUM_REPLY","urlPath":"/discussions/:boardId/:messageSubject/:messageId/replies/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"PrivacyPolicyPage","type":"COMMUNITY","urlPath":"/privacypolicy","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"NotificationPage","type":"COMMUNITY","urlPath":"/notifications","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"UserPage","type":"USER","urlPath":"/users/:login/:userId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"OccasionReplyPage","type":"OCCASION_REPLY","urlPath":"/event/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"ManageMembersPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/manage/:tab?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"SearchResultsPage","type":"COMMUNITY","urlPath":"/search","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"BlogReplyPage","type":"BLOG_REPLY","urlPath":"/blog/:boardId/:messageSubject/:messageId/replies/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"GroupHubPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"TermsOfServicePage","type":"COMMUNITY","urlPath":"/termsofservice","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"CategoryPage","type":"CATEGORY","urlPath":"/category/:categoryId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"ForumViewAllTopicsPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId/all-topics/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"TkbPostPage","type":"TKB","urlPath":"/category/:categoryId/kbs/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737020476965,"localOverride":null,"page":{"id":"GroupHubPostPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"}],"localOverride":false},"CachedAsset:text:en_US-components/context/AppContext/AppContextProvider-0":{"__typename":"CachedAsset","id":"text:en_US-components/context/AppContext/AppContextProvider-0","value":{"noCommunity":"Cannot find community","noUser":"Cannot find current user","noNode":"Cannot find node with id {nodeId}","noMessage":"Cannot find message with id {messageId}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Loading/LoadingDot-0":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Loading/LoadingDot-0","value":{"title":"Loading..."},"localOverride":false},"User:user:-1":{"__typename":"User","id":"user:-1","uid":-1,"login":"Former Member","email":"","avatar":null,"rank":null,"kudosWeight":1,"registrationData":{"__typename":"RegistrationData","status":"ANONYMOUS","registrationTime":null,"confirmEmailStatus":false,"registrationAccessLevel":"VIEW","ssoRegistrationFields":[]},"ssoId":null,"profileSettings":{"__typename":"ProfileSettings","dateDisplayStyle":{"__typename":"InheritableStringSettingWithPossibleValues","key":"layout.friendly_dates_enabled","value":"false","localValue":"true","possibleValues":["true","false"]},"dateDisplayFormat":{"__typename":"InheritableStringSetting","key":"layout.format_pattern_date","value":"dd-MMM-yyyy","localValue":"MM-dd-yyyy"},"language":{"__typename":"InheritableStringSettingWithPossibleValues","key":"profile.language","value":"en-US","localValue":"en","possibleValues":["en-US"]}},"deleted":false},"Theme:customTheme1":{"__typename":"Theme","id":"customTheme1"},"CachedAsset:theme:customTheme1-1737020476533":{"__typename":"CachedAsset","id":"theme:customTheme1-1737020476533","value":{"id":"customTheme1","animation":{"fast":"150ms","normal":"250ms","slow":"500ms","slowest":"750ms","function":"cubic-bezier(0.07, 0.91, 0.51, 1)","__typename":"AnimationThemeSettings"},"avatar":{"borderRadius":"50%","collections":["custom"],"__typename":"AvatarThemeSettings"},"basics":{"browserIcon":{"imageAssetName":"JimmyPackets-512-1702592938213.png","imageLastModified":"1702592945815","__typename":"ThemeAsset"},"customerLogo":{"imageAssetName":"f5_logo_fix-1704824537976.svg","imageLastModified":"1704824540697","__typename":"ThemeAsset"},"maximumWidthOfPageContent":"1600px","oneColumnNarrowWidth":"800px","gridGutterWidthMd":"30px","gridGutterWidthXs":"10px","pageWidthStyle":"WIDTH_OF_PAGE_CONTENT","__typename":"BasicsThemeSettings"},"buttons":{"borderRadiusSm":"5px","borderRadius":"5px","borderRadiusLg":"5px","paddingY":"5px","paddingYLg":"7px","paddingYHero":"var(--lia-bs-btn-padding-y-lg)","paddingX":"12px","paddingXLg":"14px","paddingXHero":"42px","fontStyle":"NORMAL","fontWeight":"400","textTransform":"NONE","disabledOpacity":0.5,"primaryTextColor":"var(--lia-bs-white)","primaryTextHoverColor":"var(--lia-bs-white)","primaryTextActiveColor":"var(--lia-bs-white)","primaryBgColor":"var(--lia-bs-primary)","primaryBgHoverColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) * 0.85))","primaryBgActiveColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) * 0.7))","primaryBorder":"1px solid transparent","primaryBorderHover":"1px solid transparent","primaryBorderActive":"1px solid transparent","primaryBorderFocus":"1px solid var(--lia-bs-white)","primaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","secondaryTextColor":"var(--lia-bs-gray-900)","secondaryTextHoverColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.95))","secondaryTextActiveColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.9))","secondaryBgColor":"var(--lia-bs-gray-400)","secondaryBgHoverColor":"hsl(var(--lia-bs-gray-400-h), var(--lia-bs-gray-400-s), calc(var(--lia-bs-gray-400-l) * 0.96))","secondaryBgActiveColor":"hsl(var(--lia-bs-gray-400-h), var(--lia-bs-gray-400-s), calc(var(--lia-bs-gray-400-l) * 0.92))","secondaryBorder":"1px solid transparent","secondaryBorderHover":"1px solid transparent","secondaryBorderActive":"1px solid transparent","secondaryBorderFocus":"1px solid transparent","secondaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","tertiaryTextColor":"var(--lia-bs-gray-900)","tertiaryTextHoverColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.95))","tertiaryTextActiveColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.9))","tertiaryBgColor":"transparent","tertiaryBgHoverColor":"transparent","tertiaryBgActiveColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.04)","tertiaryBorder":"1px solid transparent","tertiaryBorderHover":"1px solid hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","tertiaryBorderActive":"1px solid transparent","tertiaryBorderFocus":"1px solid transparent","tertiaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","destructiveTextColor":"var(--lia-bs-danger)","destructiveTextHoverColor":"hsl(var(--lia-bs-danger-h), var(--lia-bs-danger-s), calc(var(--lia-bs-danger-l) * 0.95))","destructiveTextActiveColor":"hsl(var(--lia-bs-danger-h), var(--lia-bs-danger-s), calc(var(--lia-bs-danger-l) * 0.9))","destructiveBgColor":"var(--lia-bs-gray-300)","destructiveBgHoverColor":"hsl(var(--lia-bs-gray-300-h), var(--lia-bs-gray-300-s), calc(var(--lia-bs-gray-300-l) * 0.96))","destructiveBgActiveColor":"hsl(var(--lia-bs-gray-300-h), var(--lia-bs-gray-300-s), calc(var(--lia-bs-gray-300-l) * 0.92))","destructiveBorder":"1px solid transparent","destructiveBorderHover":"1px solid transparent","destructiveBorderActive":"1px solid transparent","destructiveBorderFocus":"1px solid transparent","destructiveBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","__typename":"ButtonsThemeSettings"},"border":{"color":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","mainContent":"NONE","sideContent":"NONE","radiusSm":"3px","radius":"5px","radiusLg":"9px","radius50":"100vw","__typename":"BorderThemeSettings"},"boxShadow":{"xs":"0 0 0 1px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.08), 0 3px 0 -1px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.08)","sm":"0 2px 4px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.06)","md":"0 5px 15px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.15)","lg":"0 10px 30px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.15)","__typename":"BoxShadowThemeSettings"},"cards":{"bgColor":"var(--lia-panel-bg-color)","borderRadius":"var(--lia-panel-border-radius)","boxShadow":"var(--lia-box-shadow-xs)","__typename":"CardsThemeSettings"},"chip":{"maxWidth":"300px","height":"30px","__typename":"ChipThemeSettings"},"coreTypes":{"defaultMessageLinkColor":"var(--lia-bs-primary)","defaultMessageLinkDecoration":"none","defaultMessageLinkFontStyle":"NORMAL","defaultMessageLinkFontWeight":"400","defaultMessageFontStyle":"NORMAL","defaultMessageFontWeight":"400","forumColor":"#0C5C8D","forumFontFamily":"var(--lia-bs-font-family-base)","forumFontWeight":"var(--lia-default-message-font-weight)","forumLineHeight":"var(--lia-bs-line-height-base)","forumFontStyle":"var(--lia-default-message-font-style)","forumMessageLinkColor":"var(--lia-default-message-link-color)","forumMessageLinkDecoration":"var(--lia-default-message-link-decoration)","forumMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","forumMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","forumSolvedColor":"#62C026","blogColor":"#730015","blogFontFamily":"var(--lia-bs-font-family-base)","blogFontWeight":"var(--lia-default-message-font-weight)","blogLineHeight":"1.75","blogFontStyle":"var(--lia-default-message-font-style)","blogMessageLinkColor":"var(--lia-default-message-link-color)","blogMessageLinkDecoration":"var(--lia-default-message-link-decoration)","blogMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","blogMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","tkbColor":"#C20025","tkbFontFamily":"var(--lia-bs-font-family-base)","tkbFontWeight":"var(--lia-default-message-font-weight)","tkbLineHeight":"1.75","tkbFontStyle":"var(--lia-default-message-font-style)","tkbMessageLinkColor":"var(--lia-default-message-link-color)","tkbMessageLinkDecoration":"var(--lia-default-message-link-decoration)","tkbMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","tkbMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","qandaColor":"#4099E2","qandaFontFamily":"var(--lia-bs-font-family-base)","qandaFontWeight":"var(--lia-default-message-font-weight)","qandaLineHeight":"var(--lia-bs-line-height-base)","qandaFontStyle":"var(--lia-default-message-link-font-style)","qandaMessageLinkColor":"var(--lia-default-message-link-color)","qandaMessageLinkDecoration":"var(--lia-default-message-link-decoration)","qandaMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","qandaMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","qandaSolvedColor":"#3FA023","ideaColor":"#F3704B","ideaFontFamily":"var(--lia-bs-font-family-base)","ideaFontWeight":"var(--lia-default-message-font-weight)","ideaLineHeight":"var(--lia-bs-line-height-base)","ideaFontStyle":"var(--lia-default-message-font-style)","ideaMessageLinkColor":"var(--lia-default-message-link-color)","ideaMessageLinkDecoration":"var(--lia-default-message-link-decoration)","ideaMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","ideaMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","contestColor":"#FCC845","contestFontFamily":"var(--lia-bs-font-family-base)","contestFontWeight":"var(--lia-default-message-font-weight)","contestLineHeight":"var(--lia-bs-line-height-base)","contestFontStyle":"var(--lia-default-message-link-font-style)","contestMessageLinkColor":"var(--lia-default-message-link-color)","contestMessageLinkDecoration":"var(--lia-default-message-link-decoration)","contestMessageLinkFontStyle":"ITALIC","contestMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","occasionColor":"#EE4B5B","occasionFontFamily":"var(--lia-bs-font-family-base)","occasionFontWeight":"var(--lia-default-message-font-weight)","occasionLineHeight":"var(--lia-bs-line-height-base)","occasionFontStyle":"var(--lia-default-message-font-style)","occasionMessageLinkColor":"var(--lia-default-message-link-color)","occasionMessageLinkDecoration":"var(--lia-default-message-link-decoration)","occasionMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","occasionMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","grouphubColor":"#491B62","categoryColor":"#949494","communityColor":"#FFFFFF","productColor":"#949494","__typename":"CoreTypesThemeSettings"},"colors":{"black":"#000000","white":"#FFFFFF","gray100":"#F7F7F7","gray200":"#F7F7F7","gray300":"#E8E8E8","gray400":"#D9D9D9","gray500":"#CCCCCC","gray600":"#949494","gray700":"#707070","gray800":"#545454","gray900":"#333333","dark":"#545454","light":"#F7F7F7","primary":"#0C5C8D","secondary":"#333333","bodyText":"#222222","bodyBg":"#F5F5F5","info":"#1D9CD3","success":"#62C026","warning":"#FFD651","danger":"#C20025","alertSystem":"#FF6600","textMuted":"#707070","highlight":"#FFFCAD","outline":"var(--lia-bs-primary)","custom":["#C20025","#081B85","#009639","#B3C6D7","#7CC0EB","#F29A36"],"__typename":"ColorsThemeSettings"},"divider":{"size":"3px","marginLeft":"4px","marginRight":"4px","borderRadius":"50%","bgColor":"var(--lia-bs-gray-600)","bgColorActive":"var(--lia-bs-gray-600)","__typename":"DividerThemeSettings"},"dropdown":{"fontSize":"var(--lia-bs-font-size-sm)","borderColor":"var(--lia-bs-border-color)","borderRadius":"var(--lia-bs-border-radius-sm)","dividerBg":"var(--lia-bs-gray-300)","itemPaddingY":"5px","itemPaddingX":"20px","headerColor":"var(--lia-bs-gray-700)","__typename":"DropdownThemeSettings"},"email":{"link":{"color":"#0069D4","hoverColor":"#0061c2","decoration":"none","hoverDecoration":"underline","__typename":"EmailLinkSettings"},"border":{"color":"#e4e4e4","__typename":"EmailBorderSettings"},"buttons":{"borderRadiusLg":"5px","paddingXLg":"16px","paddingYLg":"7px","fontWeight":"700","primaryTextColor":"#ffffff","primaryTextHoverColor":"#ffffff","primaryBgColor":"#0069D4","primaryBgHoverColor":"#005cb8","primaryBorder":"1px solid transparent","primaryBorderHover":"1px solid transparent","__typename":"EmailButtonsSettings"},"panel":{"borderRadius":"5px","borderColor":"#e4e4e4","__typename":"EmailPanelSettings"},"__typename":"EmailThemeSettings"},"emoji":{"skinToneDefault":"#ffcd43","skinToneLight":"#fae3c5","skinToneMediumLight":"#e2cfa5","skinToneMedium":"#daa478","skinToneMediumDark":"#a78058","skinToneDark":"#5e4d43","__typename":"EmojiThemeSettings"},"heading":{"color":"var(--lia-bs-body-color)","fontFamily":"Inter","fontStyle":"NORMAL","fontWeight":"600","h1FontSize":"30px","h2FontSize":"25px","h3FontSize":"20px","h4FontSize":"18px","h5FontSize":"16px","h6FontSize":"16px","lineHeight":"1.2","subHeaderFontSize":"11px","subHeaderFontWeight":"500","h1LetterSpacing":"normal","h2LetterSpacing":"normal","h3LetterSpacing":"normal","h4LetterSpacing":"normal","h5LetterSpacing":"normal","h6LetterSpacing":"normal","subHeaderLetterSpacing":"2px","h1FontWeight":null,"h2FontWeight":null,"h3FontWeight":null,"h4FontWeight":null,"h5FontWeight":null,"h6FontWeight":null,"__typename":"HeadingThemeSettings"},"icons":{"size10":"10px","size12":"12px","size14":"14px","size16":"16px","size20":"20px","size24":"24px","size30":"30px","size40":"40px","size50":"50px","size60":"60px","size80":"80px","size120":"120px","size160":"160px","__typename":"IconsThemeSettings"},"imagePreview":{"bgColor":"var(--lia-bs-gray-900)","titleColor":"var(--lia-bs-white)","controlColor":"var(--lia-bs-white)","controlBgColor":"var(--lia-bs-gray-800)","__typename":"ImagePreviewThemeSettings"},"input":{"borderColor":"var(--lia-bs-gray-600)","disabledColor":"var(--lia-bs-gray-600)","focusBorderColor":"var(--lia-bs-primary)","labelMarginBottom":"10px","btnFontSize":"var(--lia-bs-font-size-sm)","focusBoxShadow":"0 0 0 3px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","checkLabelMarginBottom":"2px","checkboxBorderRadius":"3px","borderRadiusSm":"var(--lia-bs-border-radius-sm)","borderRadius":"var(--lia-bs-border-radius)","borderRadiusLg":"var(--lia-bs-border-radius-lg)","formTextMarginTop":"4px","textAreaBorderRadius":"var(--lia-bs-border-radius)","activeFillColor":"var(--lia-bs-primary)","__typename":"InputThemeSettings"},"loading":{"dotDarkColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.2)","dotLightColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l), 0.5)","barDarkColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.06)","barLightColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l), 0.4)","__typename":"LoadingThemeSettings"},"link":{"color":"var(--lia-bs-primary)","hoverColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) - 10%))","decoration":"none","hoverDecoration":"underline","__typename":"LinkThemeSettings"},"listGroup":{"itemPaddingY":"15px","itemPaddingX":"15px","borderColor":"var(--lia-bs-gray-300)","__typename":"ListGroupThemeSettings"},"modal":{"contentTextColor":"var(--lia-bs-body-color)","contentBg":"var(--lia-bs-white)","backgroundBg":"var(--lia-bs-black)","smSize":"440px","mdSize":"760px","lgSize":"1080px","backdropOpacity":0.3,"contentBoxShadowXs":"var(--lia-bs-box-shadow-sm)","contentBoxShadow":"var(--lia-bs-box-shadow)","headerFontWeight":"700","__typename":"ModalThemeSettings"},"navbar":{"position":"FIXED","background":{"attachment":null,"clip":null,"color":"var(--lia-bs-white)","imageAssetName":null,"imageLastModified":"0","origin":null,"position":"CENTER_CENTER","repeat":"NO_REPEAT","size":"COVER","__typename":"BackgroundProps"},"backgroundOpacity":0.8,"paddingTop":"15px","paddingBottom":"15px","borderBottom":"1px solid var(--lia-bs-border-color)","boxShadow":"var(--lia-bs-box-shadow-sm)","brandMarginRight":"30px","brandMarginRightSm":"10px","brandLogoHeight":"30px","linkGap":"10px","linkJustifyContent":"flex-start","linkPaddingY":"5px","linkPaddingX":"10px","linkDropdownPaddingY":"9px","linkDropdownPaddingX":"var(--lia-nav-link-px)","linkColor":"var(--lia-bs-body-color)","linkHoverColor":"var(--lia-bs-primary)","linkFontSize":"var(--lia-bs-font-size-sm)","linkFontStyle":"NORMAL","linkFontWeight":"400","linkTextTransform":"NONE","linkLetterSpacing":"normal","linkBorderRadius":"var(--lia-bs-border-radius-sm)","linkBgColor":"transparent","linkBgHoverColor":"transparent","linkBorder":"none","linkBorderHover":"none","linkBoxShadow":"none","linkBoxShadowHover":"none","linkTextBorderBottom":"none","linkTextBorderBottomHover":"none","dropdownPaddingTop":"10px","dropdownPaddingBottom":"15px","dropdownPaddingX":"10px","dropdownMenuOffset":"2px","dropdownDividerMarginTop":"10px","dropdownDividerMarginBottom":"10px","dropdownBorderColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","controllerBgHoverColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.1)","controllerIconColor":"var(--lia-bs-body-color)","controllerIconHoverColor":"var(--lia-bs-body-color)","controllerTextColor":"var(--lia-nav-controller-icon-color)","controllerTextHoverColor":"var(--lia-nav-controller-icon-hover-color)","controllerHighlightColor":"hsla(30, 100%, 50%)","controllerHighlightTextColor":"var(--lia-yiq-light)","controllerBorderRadius":"var(--lia-border-radius-50)","hamburgerColor":"var(--lia-nav-controller-icon-color)","hamburgerHoverColor":"var(--lia-nav-controller-icon-color)","hamburgerBgColor":"transparent","hamburgerBgHoverColor":"transparent","hamburgerBorder":"none","hamburgerBorderHover":"none","collapseMenuMarginLeft":"20px","collapseMenuDividerBg":"var(--lia-nav-link-color)","collapseMenuDividerOpacity":0.16,"__typename":"NavbarThemeSettings"},"pager":{"textColor":"var(--lia-bs-link-color)","textFontWeight":"var(--lia-font-weight-md)","textFontSize":"var(--lia-bs-font-size-sm)","__typename":"PagerThemeSettings"},"panel":{"bgColor":"var(--lia-bs-white)","borderRadius":"var(--lia-bs-border-radius)","borderColor":"var(--lia-bs-border-color)","boxShadow":"none","__typename":"PanelThemeSettings"},"popover":{"arrowHeight":"8px","arrowWidth":"16px","maxWidth":"300px","minWidth":"100px","headerBg":"var(--lia-bs-white)","borderColor":"var(--lia-bs-border-color)","borderRadius":"var(--lia-bs-border-radius)","boxShadow":"0 0.5rem 1rem hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.15)","__typename":"PopoverThemeSettings"},"prism":{"color":"#000000","bgColor":"#f5f2f0","fontFamily":"var(--font-family-monospace)","fontSize":"var(--lia-bs-font-size-base)","fontWeightBold":"var(--lia-bs-font-weight-bold)","fontStyleItalic":"italic","tabSize":2,"highlightColor":"#b3d4fc","commentColor":"#62707e","punctuationColor":"#6f6f6f","namespaceOpacity":"0.7","propColor":"#990055","selectorColor":"#517a00","operatorColor":"#906736","operatorBgColor":"hsla(0, 0%, 100%, 0.5)","keywordColor":"#0076a9","functionColor":"#d3284b","variableColor":"#c14700","__typename":"PrismThemeSettings"},"rte":{"bgColor":"var(--lia-bs-white)","borderRadius":"var(--lia-panel-border-radius)","boxShadow":" var(--lia-panel-box-shadow)","customColor1":"#bfedd2","customColor2":"#fbeeb8","customColor3":"#f8cac6","customColor4":"#eccafa","customColor5":"#c2e0f4","customColor6":"#2dc26b","customColor7":"#f1c40f","customColor8":"#e03e2d","customColor9":"#b96ad9","customColor10":"#3598db","customColor11":"#169179","customColor12":"#e67e23","customColor13":"#ba372a","customColor14":"#843fa1","customColor15":"#236fa1","customColor16":"#ecf0f1","customColor17":"#ced4d9","customColor18":"#95a5a6","customColor19":"#7e8c8d","customColor20":"#34495e","customColor21":"#000000","customColor22":"#ffffff","defaultMessageHeaderMarginTop":"14px","defaultMessageHeaderMarginBottom":"10px","defaultMessageItemMarginTop":"0","defaultMessageItemMarginBottom":"10px","diffAddedColor":"hsla(170, 53%, 51%, 0.4)","diffChangedColor":"hsla(43, 97%, 63%, 0.4)","diffNoneColor":"hsla(0, 0%, 80%, 0.4)","diffRemovedColor":"hsla(9, 74%, 47%, 0.4)","specialMessageHeaderMarginTop":"14px","specialMessageHeaderMarginBottom":"10px","specialMessageItemMarginTop":"0","specialMessageItemMarginBottom":"10px","__typename":"RteThemeSettings"},"tags":{"bgColor":"var(--lia-bs-gray-200)","bgHoverColor":"var(--lia-bs-gray-400)","borderRadius":"var(--lia-bs-border-radius-sm)","color":"var(--lia-bs-body-color)","hoverColor":"var(--lia-bs-body-color)","fontWeight":"var(--lia-font-weight-md)","fontSize":"var(--lia-font-size-xxs)","textTransform":"UPPERCASE","letterSpacing":"0.5px","__typename":"TagsThemeSettings"},"toasts":{"borderRadius":"var(--lia-bs-border-radius)","paddingX":"12px","__typename":"ToastsThemeSettings"},"typography":{"fontFamilyBase":"Atkinson Hyperlegible","fontStyleBase":"NORMAL","fontWeightBase":"400","fontWeightLight":"300","fontWeightNormal":"400","fontWeightMd":"500","fontWeightBold":"700","letterSpacingSm":"normal","letterSpacingXs":"normal","lineHeightBase":"1.3","fontSizeBase":"15px","fontSizeXxs":"11px","fontSizeXs":"12px","fontSizeSm":"13px","fontSizeLg":"20px","fontSizeXl":"24px","smallFontSize":"14px","customFonts":[],"__typename":"TypographyThemeSettings"},"unstyledListItem":{"marginBottomSm":"5px","marginBottomMd":"10px","marginBottomLg":"15px","marginBottomXl":"20px","marginBottomXxl":"25px","__typename":"UnstyledListItemThemeSettings"},"yiq":{"light":"#ffffff","dark":"#000000","__typename":"YiqThemeSettings"},"colorLightness":{"primaryDark":0.36,"primaryLight":0.74,"primaryLighter":0.89,"primaryLightest":0.95,"infoDark":0.39,"infoLight":0.72,"infoLighter":0.85,"infoLightest":0.93,"successDark":0.24,"successLight":0.62,"successLighter":0.8,"successLightest":0.91,"warningDark":0.39,"warningLight":0.68,"warningLighter":0.84,"warningLightest":0.93,"dangerDark":0.41,"dangerLight":0.72,"dangerLighter":0.89,"dangerLightest":0.95,"__typename":"ColorLightnessThemeSettings"},"localOverride":false,"__typename":"Theme"},"localOverride":false},"CachedAsset:text:en_US-components/common/EmailVerification-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/common/EmailVerification-1728320186000","value":{"email.verification.title":"Email Verification Required","email.verification.message.update.email":"To participate in the community, you must first verify your email address. The verification email was sent to {email}. To change your email, visit My Settings.","email.verification.message.resend.email":"To participate in the community, you must first verify your email address. The verification email was sent to {email}. Resend email."},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Loading/LoadingDot-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Loading/LoadingDot-1728320186000","value":{"title":"Loading..."},"localOverride":false},"CachedAsset:text:en_US-pages/tags/TagPage-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-pages/tags/TagPage-1728320186000","value":{"tagPageTitle":"Tag:\"{tagName}\" | {communityTitle}","tagPageForNodeTitle":"Tag:\"{tagName}\" in \"{title}\" | {communityTitle}","name":"Tags Page","tag":"Tag: {tagName}"},"localOverride":false},"CachedAsset:quilt:f5.prod:pages/tags/TagPage:community:zihoc95639-1737020474670":{"__typename":"CachedAsset","id":"quilt:f5.prod:pages/tags/TagPage:community:zihoc95639-1737020474670","value":{"id":"TagPage","container":{"id":"Common","headerProps":{"removeComponents":["community.widget.bannerWidget"],"__typename":"QuiltContainerSectionProps"},"items":[{"id":"tag-header-widget","layout":"ONE_COLUMN","bgColor":"var(--lia-bs-white)","showBorder":"BOTTOM","sectionEditLevel":"LOCKED","columnMap":{"main":[{"id":"tags.widget.TagsHeaderWidget","__typename":"QuiltComponent"}],"__typename":"OneSectionColumns"},"__typename":"OneColumnQuiltSection"},{"id":"messages-list-for-tag-widget","layout":"ONE_COLUMN","columnMap":{"main":[{"id":"messages.widget.messageListForNodeByRecentActivityWidget","props":{"viewVariant":{"type":"inline","props":{"useUnreadCount":true,"useViewCount":true,"useAuthorLogin":true,"clampBodyLines":3,"useAvatar":true,"useBoardIcon":false,"useKudosCount":true,"usePreviewMedia":true,"useTags":false,"useNode":true,"useNodeLink":true,"useTextBody":true,"truncateBodyLength":-1,"useBody":true,"useRepliesCount":true,"useSolvedBadge":true,"timeStampType":"conversation.lastPostingActivityTime","useMessageTimeLink":true,"clampSubjectLines":2}},"panelType":"divider","useTitle":false,"hideIfEmpty":false,"pagerVariant":{"type":"loadMore"},"style":"list","showTabs":true,"tabItemMap":{"default":{"mostRecent":true,"mostRecentUserContent":false,"newest":false},"additional":{"mostKudoed":true,"mostViewed":true,"mostReplies":false,"noReplies":false,"noSolutions":false,"solutions":false}}},"__typename":"QuiltComponent"}],"__typename":"OneSectionColumns"},"__typename":"OneColumnQuiltSection"}],"__typename":"QuiltContainer"},"__typename":"Quilt"},"localOverride":false},"CachedAsset:quiltWrapper:f5.prod:Common:1737020422786":{"__typename":"CachedAsset","id":"quiltWrapper:f5.prod:Common:1737020422786","value":{"id":"Common","header":{"backgroundImageProps":{"assetName":"header.jpg","backgroundSize":"COVER","backgroundRepeat":"NO_REPEAT","backgroundPosition":"LEFT_CENTER","lastModified":"1702932449000","__typename":"BackgroundImageProps"},"backgroundColor":"transparent","items":[{"id":"custom.widget.Beta_MetaNav","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"community.widget.navbarWidget","props":{"showUserName":false,"showRegisterLink":true,"style":{"boxShadow":"var(--lia-bs-box-shadow-sm)","linkFontWeight":"700","controllerHighlightColor":"hsla(30, 100%, 50%)","dropdownDividerMarginBottom":"10px","hamburgerBorderHover":"none","linkFontSize":"15px","linkBoxShadowHover":"none","backgroundOpacity":0.4,"controllerBorderRadius":"var(--lia-border-radius-50)","hamburgerBgColor":"transparent","linkTextBorderBottom":"none","hamburgerColor":"var(--lia-nav-controller-icon-color)","brandLogoHeight":"48px","linkLetterSpacing":"normal","linkBgHoverColor":"transparent","collapseMenuDividerOpacity":0.16,"paddingBottom":"10px","dropdownPaddingBottom":"15px","dropdownMenuOffset":"2px","hamburgerBgHoverColor":"transparent","borderBottom":"0","hamburgerBorder":"none","dropdownPaddingX":"10px","brandMarginRightSm":"10px","linkBoxShadow":"none","linkJustifyContent":"center","linkColor":"var(--lia-bs-primary)","collapseMenuDividerBg":"var(--lia-nav-link-color)","dropdownPaddingTop":"10px","controllerHighlightTextColor":"var(--lia-yiq-dark)","background":{"imageAssetName":"","color":"var(--lia-bs-white)","size":"COVER","repeat":"NO_REPEAT","position":"CENTER_CENTER","imageLastModified":""},"linkBorderRadius":"var(--lia-bs-border-radius-sm)","linkHoverColor":"var(--lia-bs-primary)","position":"FIXED","linkBorder":"none","linkTextBorderBottomHover":"2px solid #0C5C8D","brandMarginRight":"30px","hamburgerHoverColor":"var(--lia-nav-controller-icon-color)","linkBorderHover":"none","collapseMenuMarginLeft":"20px","linkFontStyle":"NORMAL","linkPaddingX":"10px","paddingTop":"10px","linkPaddingY":"5px","linkTextTransform":"NONE","dropdownBorderColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","controllerBgHoverColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.1)","linkDropdownPaddingX":"var(--lia-nav-link-px)","linkBgColor":"transparent","linkDropdownPaddingY":"9px","controllerIconColor":"#0C5C8D","dropdownDividerMarginTop":"10px","linkGap":"10px","controllerIconHoverColor":"#0C5C8D"},"links":{"sideLinks":[],"mainLinks":[{"children":[{"linkType":"INTERNAL","id":"migrated-link-1","params":{"boardId":"TechnicalForum","categoryId":"Forums"},"routeName":"ForumBoardPage"},{"linkType":"INTERNAL","id":"migrated-link-2","params":{"boardId":"WaterCooler","categoryId":"Forums"},"routeName":"ForumBoardPage"}],"linkType":"INTERNAL","id":"migrated-link-0","params":{"categoryId":"Forums"},"routeName":"CategoryPage"},{"children":[{"linkType":"INTERNAL","id":"migrated-link-4","params":{"boardId":"codeshare","categoryId":"CrowdSRC"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"migrated-link-5","params":{"boardId":"communityarticles","categoryId":"CrowdSRC"},"routeName":"TkbBoardPage"}],"linkType":"INTERNAL","id":"migrated-link-3","params":{"categoryId":"CrowdSRC"},"routeName":"CategoryPage"},{"children":[{"linkType":"INTERNAL","id":"migrated-link-7","params":{"boardId":"TechnicalArticles","categoryId":"Articles"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"article-series","params":{"boardId":"article-series","categoryId":"Articles"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"security-insights","params":{"boardId":"security-insights","categoryId":"Articles"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"migrated-link-8","params":{"boardId":"DevCentralNews","categoryId":"Articles"},"routeName":"TkbBoardPage"}],"linkType":"INTERNAL","id":"migrated-link-6","params":{"categoryId":"Articles"},"routeName":"CategoryPage"},{"children":[{"linkType":"INTERNAL","id":"migrated-link-10","params":{"categoryId":"CommunityGroups"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"migrated-link-11","params":{"categoryId":"F5-Groups"},"routeName":"CategoryPage"}],"linkType":"INTERNAL","id":"migrated-link-9","params":{"categoryId":"GroupsCategory"},"routeName":"CategoryPage"},{"children":[],"linkType":"INTERNAL","id":"migrated-link-12","params":{"boardId":"Events","categoryId":"top"},"routeName":"EventBoardPage"},{"children":[],"linkType":"INTERNAL","id":"migrated-link-13","params":{"boardId":"Suggestions","categoryId":"top"},"routeName":"IdeaBoardPage"}]},"className":"QuiltComponent_lia-component-edit-mode__lQ9Z6","showSearchIcon":false},"__typename":"QuiltComponent"},{"id":"community.widget.bannerWidget","props":{"backgroundColor":"transparent","visualEffects":{"showBottomBorder":false},"backgroundImageProps":{"backgroundSize":"COVER","backgroundPosition":"CENTER_CENTER","backgroundRepeat":"NO_REPEAT"},"fontColor":"#222222"},"__typename":"QuiltComponent"},{"id":"community.widget.breadcrumbWidget","props":{"backgroundColor":"var(--lia-bs-primary)","linkHighlightColor":"#FFFFFF","visualEffects":{"showBottomBorder":false},"backgroundOpacity":60,"linkTextColor":"#FFFFFF"},"__typename":"QuiltComponent"}],"__typename":"QuiltWrapperSection"},"footer":{"backgroundImageProps":{"assetName":null,"backgroundSize":"COVER","backgroundRepeat":"NO_REPEAT","backgroundPosition":"CENTER_CENTER","lastModified":null,"__typename":"BackgroundImageProps"},"backgroundColor":"var(--lia-bs-body-color)","items":[{"id":"custom.widget.Beta_Footer","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"custom.widget.Tag_Manager_Helper","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"custom.widget.Consent_Blackbar","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"}],"__typename":"QuiltWrapperSection"},"__typename":"QuiltWrapper","localOverride":false},"localOverride":false},"CachedAsset:text:en_US-components/common/ActionFeedback-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/common/ActionFeedback-1728320186000","value":{"joinedGroupHub.title":"Welcome","joinedGroupHub.message":"You are now a member of this group and are subscribed to updates.","groupHubInviteNotFound.title":"Invitation Not Found","groupHubInviteNotFound.message":"Sorry, we could not find your invitation to the group. The owner may have canceled the invite.","groupHubNotFound.title":"Group Not Found","groupHubNotFound.message":"The grouphub you tried to join does not exist. It may have been deleted.","existingGroupHubMember.title":"Already Joined","existingGroupHubMember.message":"You are already a member of this group.","accountLocked.title":"Account Locked","accountLocked.message":"Your account has been locked due to multiple failed attempts. Try again in {lockoutTime} minutes.","editedGroupHub.title":"Changes Saved","editedGroupHub.message":"Your group has been updated.","leftGroupHub.title":"Goodbye","leftGroupHub.message":"You are no longer a member of this group and will not receive future updates.","deletedGroupHub.title":"Deleted","deletedGroupHub.message":"The group has been deleted.","groupHubCreated.title":"Group Created","groupHubCreated.message":"{groupHubName} is ready to use","accountClosed.title":"Account Closed","accountClosed.message":"The account has been closed and you will now be redirected to the homepage","resetTokenExpired.title":"Reset Password Link has Expired","resetTokenExpired.message":"Try resetting your password again","invalidUrl.title":"Invalid URL","invalidUrl.message":"The URL you're using is not recognized. Verify your URL and try again.","accountClosedForUser.title":"Account Closed","accountClosedForUser.message":"{userName}'s account is closed","inviteTokenInvalid.title":"Invitation Invalid","inviteTokenInvalid.message":"Your invitation to the community has been canceled or expired.","inviteTokenError.title":"Invitation Verification Failed","inviteTokenError.message":"The url you are utilizing is not recognized. Verify your URL and try again","pageNotFound.title":"Access Denied","pageNotFound.message":"You do not have access to this area of the community or it doesn't exist","eventAttending.title":"Responded as Attending","eventAttending.message":"You'll be notified when there's new activity and reminded as the event approaches","eventInterested.title":"Responded as Interested","eventInterested.message":"You'll be notified when there's new activity and reminded as the event approaches","eventNotFound.title":"Event Not Found","eventNotFound.message":"The event you tried to respond to does not exist.","redirectToRelatedPage.title":"Showing Related Content","redirectToRelatedPageForBaseUsers.title":"Showing Related Content","redirectToRelatedPageForBaseUsers.message":"The content you are trying to access is archived","redirectToRelatedPage.message":"The content you are trying to access is archived","relatedUrl.archivalLink.flyoutMessage":"The content you are trying to access is archived View Archived Content"},"localOverride":false},"CachedAsset:component:custom.widget.Beta_MetaNav-en-1737020491748":{"__typename":"CachedAsset","id":"component:custom.widget.Beta_MetaNav-en-1737020491748","value":{"component":{"id":"custom.widget.Beta_MetaNav","template":{"id":"Beta_MetaNav","markupLanguage":"HANDLEBARS","style":null,"texts":null,"defaults":{"config":{"applicablePages":[],"dynamicByCoreNode":false,"description":"MetaNav menu at the top of every page.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Beta_MetaNav","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"dynamicByCoreNode":false,"description":"MetaNav menu at the top of every page.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:component:custom.widget.Beta_Footer-en-1737020491748":{"__typename":"CachedAsset","id":"component:custom.widget.Beta_Footer-en-1737020491748","value":{"component":{"id":"custom.widget.Beta_Footer","template":{"id":"Beta_Footer","markupLanguage":"HANDLEBARS","style":null,"texts":null,"defaults":{"config":{"applicablePages":[],"dynamicByCoreNode":false,"description":"DevCentral´s custom footer.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Beta_Footer","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"dynamicByCoreNode":false,"description":"DevCentral´s custom footer.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:component:custom.widget.Tag_Manager_Helper-en-1737020491748":{"__typename":"CachedAsset","id":"component:custom.widget.Tag_Manager_Helper-en-1737020491748","value":{"component":{"id":"custom.widget.Tag_Manager_Helper","template":{"id":"Tag_Manager_Helper","markupLanguage":"HANDLEBARS","style":null,"texts":null,"defaults":{"config":{"applicablePages":[],"dynamicByCoreNode":false,"description":"Helper widget to inject Tag Manager scripts into head element","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Tag_Manager_Helper","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"dynamicByCoreNode":false,"description":"Helper widget to inject Tag Manager scripts into head element","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:component:custom.widget.Consent_Blackbar-en-1737020491748":{"__typename":"CachedAsset","id":"component:custom.widget.Consent_Blackbar-en-1737020491748","value":{"component":{"id":"custom.widget.Consent_Blackbar","template":{"id":"Consent_Blackbar","markupLanguage":"HTML","style":null,"texts":null,"defaults":{"config":{"applicablePages":[],"dynamicByCoreNode":false,"description":"","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Consent_Blackbar","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"TEXTHTML","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"dynamicByCoreNode":false,"description":"","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:text:en_US-components/community/Breadcrumb-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/community/Breadcrumb-1728320186000","value":{"navLabel":"Breadcrumbs","dropdown":"Additional parent page navigation"},"localOverride":false},"CachedAsset:text:en_US-components/tags/TagsHeaderWidget-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/tags/TagsHeaderWidget-1728320186000","value":{"tag":"{tagName}","topicsCount":"{count} {count, plural, one {Topic} other {Topics}}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageListForNodeByRecentActivityWidget-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageListForNodeByRecentActivityWidget-1728320186000","value":{"title@userScope:other":"Recent Content","title@userScope:self":"Contributions","title@board:FORUM@userScope:other":"Recent Discussions","title@board:BLOG@userScope:other":"Recent Blogs","emptyDescription":"No content to show","MessageListForNodeByRecentActivityWidgetEditor.nodeScope.label":"Scope","title@instance:1706288370055":"Content Feed","title@instance:1704319314827":"Blog Feed","title@instance:1704317906837":"Content Feed","title@instance:1702668293472":"Community Feed","title@instance:1704320290851":"My Contributions","title@instance:1703720491809":"Forum Feed","title@instance:1703028709746":"Group Content Feed","title@instance:VTsglH":"Content Feed"},"localOverride":false},"Category:category:Forums":{"__typename":"Category","id":"category:Forums","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Forum:board:TechnicalForum":{"__typename":"Forum","id":"board:TechnicalForum","forumPolicies":{"__typename":"ForumPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Forum:board:WaterCooler":{"__typename":"Forum","id":"board:WaterCooler","forumPolicies":{"__typename":"ForumPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Articles":{"__typename":"Category","id":"category:Articles","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"displayId":"Articles"},"Tkb:board:TechnicalArticles":{"__typename":"Tkb","id":"board:TechnicalArticles","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"displayId":"TechnicalArticles","nodeType":"board","conversationStyle":"TKB","title":"Technical Articles","shortTitle":"Technical Articles","parent":{"__ref":"Category:category:Articles"}},"Tkb:board:DevCentralNews":{"__typename":"Tkb","id":"board:DevCentralNews","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:GroupsCategory":{"__typename":"Category","id":"category:GroupsCategory","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:F5-Groups":{"__typename":"Category","id":"category:F5-Groups","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:CommunityGroups":{"__typename":"Category","id":"category:CommunityGroups","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Occasion:board:Events":{"__typename":"Occasion","id":"board:Events","boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"occasionPolicies":{"__typename":"OccasionPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Idea:board:Suggestions":{"__typename":"Idea","id":"board:Suggestions","boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"ideaPolicies":{"__typename":"IdeaPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:CrowdSRC":{"__typename":"Category","id":"category:CrowdSRC","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:codeshare":{"__typename":"Tkb","id":"board:codeshare","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:communityarticles":{"__typename":"Tkb","id":"board:communityarticles","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:security-insights":{"__typename":"Tkb","id":"board:security-insights","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"displayId":"security-insights","nodeType":"board","conversationStyle":"TKB","title":"Security Insights","shortTitle":"Security Insights","parent":{"__ref":"Category:category:Articles"}},"Tkb:board:article-series":{"__typename":"Tkb","id":"board:article-series","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Conversation:conversation:328428":{"__typename":"Conversation","id":"conversation:328428","topic":{"__typename":"TkbTopicMessage","uid":328428},"lastPostingActivityTime":"2024-03-22T09:01:05.622-07:00","solved":false},"User:user:419633":{"__typename":"User","uid":419633,"login":"Koichi","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS00MTk2MzMtMjUxMTJpODRENkE1RkUxRjBDNkI2QQ"},"id":"user:419633"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjg0MjgtN1cxYVhn?revision=5\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjg0MjgtN1cxYVhn?revision=5","title":"F5SIRT.jpeg","associationType":"TEASER","width":680,"height":383,"altText":""},"TkbTopicMessage:message:328428":{"__typename":"TkbTopicMessage","subject":"NISC, NoMoreRansom, AsterX, BTC ETF, March 3rd – March 9th - This Week in Security","conversation":{"__ref":"Conversation:conversation:328428"},"id":"message:328428","revisionNum":5,"uid":328428,"depth":0,"board":{"__ref":"Tkb:board:security-insights"},"author":{"__ref":"User:user:419633"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" ","introduction":"","metrics":{"__typename":"MessageMetrics","views":158},"postTime":"2024-03-14T12:52:17.418-07:00","lastPublishTime":"2024-03-22T09:01:05.622-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Editor's Introduction \n This week in security editor is Koichi this week. Today's TWIS I chose topics of Japanese related ones, NISC, No More Ransom, AsterX, and Bitcoin ETF. \n We in F5 SIRT invest a lot of time understanding the frequently changing behavior of bad actors. Bad actors are a threat to your business, your reputation, and your livelihood. That’s why we take the security of your business seriously. When you’re under attack, we’ll work quickly to effectively mitigate attacks and vulnerabilities, and get you back up and running. So next time you are under security emergency please contact F5 SIRT \n NISC and cyber attack on a port \n The National Center of Incident Readiness and Strategy for Cybersecurity (NISC) is an organization established in the Cabinet Secretariat to develop the information security policies of the Japanese government, monitor and analyze malicious activities against information systems of administrative departments, provide necessary advice and information, and other assistance in ensuring cyber security, conducts audits, etc. It also serves as a general coordinator for cyber security, not only with administrative agencies but also with certain critical infrastructure operating companies. NISC regularly has meetings to decide its action plans. On March 8, the 39th meeting of the Cybersecurity Strategy Headquarters was held, and according to the publication, ports were added to the critical infrastructure monitoring items for Japan's cybersecurity. As the background of this decision, the ransomware incident in last year is listed. On July 4, 2023, Nagoya United Terminal System (NUTS) at a container terminal at the Port of Nagoya, was attacked by the ransomware group \"LockBit\", resulting in halted container loading and unloading operations for approximately three days. This incident was the cyber attack of ransomware, conducted by \"LockBit,\" an attacker group believed to be of Russian origin. The incident revealed that there wasn't a person in charge of cyber security for the port operation systems, which needs to be improved. \n Then, Let us discuss about LockBit in the next item. \n Source: https://www.nisc.go.jp/pdf/about/nisc_gaiyou.pdf (Japanese) , https://www.nisc.go.jp/pdf/council/cs/dai39/39cs_press.pdf (Japanese) \n \"No More Ransom\" \n LockBit is a ransomware group that provides ransomware as an attack infrastructure, the so-called \"RaaS (Ransam as a Service)\", explained in the previous TWIS. The news source reports that nearly a quarter of all ransomware submissions are by LockBit. \n In February, law enforcement agencies of 14 countries joined forces to launch \"Operation Cronos\" to defend against LockBit and other criminal groups. In addition to arresting some of the individuals involved, they have taken countermeasures such as seizing related assets such as leaked websites, crypto asset (virtual currency) accounts, and decryption keys. \n The joint team and some security companies also launched \"No More Ransom\" website to educate the people and give prevention advice. \n Through Operation Cronos, the European Criminal Police Organization announced the Japanese National Police Agency developed a tool, the \"Decryption Checker\" which allows users to investigate how much they can decrypt the victim files, but just to know how much, not decrypting it. It is uploaded in \"No More Ransom\" website. \n For LockBit, LockBit 3.0 Decrypter is also available in \"No More Ransom\" website. \n Source: https://www.security-next.com/154009(Japanese) \n \n AsterX Space CyberDefense exercise \n The French Air and Space Force (Armée de l'Air et de l'Espace Française) conducts AsterX, the space cyber attack/defense exercise annually. However, participants have been limited to Europe countries and the United States until recently. In this year, AsterX (AsterX 24) will be held in France from April 4 to April 15. 16 countries and European-based aerospace companies like MBDA and Ariane Group will participate, and from this year, Japan's Self-Defense Forces will participate as well. \n The AsterX will be held in the style of a real-time war game. In the scenario, a fictional adversary threatens the space assets of the neighboring countries (it is fictional as well), and a Joint task force of participants will try to defend the allied country. Some sources of this news see the fictional adversary as a simulation of Russian cyberattacks. \n One of the good effects of participating in international exercises is to increase partnerships with other countries and companies, which will affect when a real cyber-attack happens. \n Source: https://asia.nikkei.com/Politics/Defense/Japan-to-take-part-in-AsterX-space-defense-drill-with-NATO-members \n https://air.defense.gouv.fr/asterx/dossier/presentation-asterx-2024 \n \n Bitcoin ETF \n Bitcoin has reached its ATH (all-time high). The Bitcoin ETF is believed to be the reason for the surge, due to the large inflow of funds. You can check the amount of inflows into that ETF and heatmap at Bitcoin ETF Overview. So Bitcoin becomes a more valuable asset. How about security? Over 10 years the Bitcoin system, with its robust system, has not been brought down or stopped by attacks. The only successful thefts to date have occurred outside of the Bitcoin protocol. The Bitcoin network’s security is multi-layered. Transaction hashing, mining, block confirmations, and game theory all work together to make Bitcoin’s blockchain impenetrable. The most well-known threat to Bitcoin might be quantum computing (its ability to decrypt the public key to get its private key). According to researchers at the University of Sussex, a quantum computer with 1.9 billion qubits of processing power would be needed to break into the Bitcoin network within 10 minutes. (1 block = 10 minutes, so the attacker needs to decrypt within 10 minutes) As far as I know, it is unlikely to happen with the current quantum computer's ability. And if it is going to happen, and the threat comes to mind of Bitcoin developers, a new Bitcoin Improvement Proposal (BIP) will be filed to adapt post-quantum cryptography. ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"6227","kudosSumWeight":2,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wx","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjg0MjgtN1cxYVhn?revision=5\"}"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:326327":{"__typename":"Conversation","id":"conversation:326327","topic":{"__typename":"TkbTopicMessage","uid":326327},"lastPostingActivityTime":"2024-03-13T12:07:26.430-07:00","solved":false},"User:user:129412":{"__typename":"User","uid":129412,"login":"Kyle_Fox","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/m_assets/avatars/custom/Frankenstack_11-1706132273780.svg"},"id":"user:129412"},"TkbTopicMessage:message:326327":{"__typename":"TkbTopicMessage","subject":"Kyle Fox's Security News 2023 in Review - F5 SIRT","conversation":{"__ref":"Conversation:conversation:326327"},"id":"message:326327","revisionNum":12,"uid":326327,"depth":0,"board":{"__ref":"Tkb:board:security-insights"},"author":{"__ref":"User:user:129412"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":"","introduction":"","metrics":{"__typename":"MessageMetrics","views":301},"postTime":"2024-01-05T12:14:08.546-08:00","lastPublishTime":"2024-03-13T12:07:26.430-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" \n \n Intro \n \n I thought we would do a little end of the year roundup of a few subjects I feel are notable from 2023. I will be publishing an article with some things I am looking out for in 2024 and a list of all my YouTube recommendations from 2023 later in January. \n \n Software Bill of Materials \n \n Back in 2021 the White House put out an executive order aiming to improve cybersecurity in the United States. One of the bullet points of that executive order was to improve the Software Supply Chain security of software sold to the Federal Government. This had been largely spurred by a series of breaches in the Federal Government, most prominently the SolarWinds software supply chain attack. Previously there had been breaches because of vulnerabilities in software used by companies and government organizations, one such famous breach was the Equifax breach in 2017 that resulted in a 700 Million US Dollar settlement. This breach was facilitated by the Apache Struts vulnerability CVE-2017-5638, and Equifax neither patched the vulnerability in Apache Struts, nor did Web Application Firewall protections exist or were configured properly. \n \n After the White House Executive Order, software bill of materials work started to pick up steam, there had been calls leading up to the order to establish SBOMs for software as a standard, and those were discussed in places like Y Combinator News. The CISA established efforts to collect and facilitate work on SBOM resources, Anchore released a SBOM tool called Syft to create lists of packages from containers, and also a tool called Grype to create lists of vulnerabilities from that list by using the NVD database. \n \n So by time 2023 was underway, regulators were putting pressure on the software industry to produce SBOMs and the White House had incorporated this into its ongoing cybersecurity strategy. We expect SBOMs to be a major part of 2024 as well. \n \n What it Means for an Attack to go Mainstream \n \n Many of us consider an exploit to be mainstream when a Metasploit module is written for it, and that serves well and good for things that Metasploit does well, such as attacks over a network. But what about attacks over wireless? \n \n Well, we now have the Flipper. I have previously written about Flipper exploits, but at that time I did not really dive into what it is, exactly. The Flipper Zero is a small Tamagotchi like device that incorporates a number of wireless and wired technologies and scripts to do things with those technologies. Its wireless capabilities consist of a TI CC1101 driven Sub-1Ghz transceiver that can do things like talk to IoT devices and various access control systems. Also, for even more access control system shenanigans, it incorporates both a 125khz proximity card reader/writer/emulator and a 13.56Mhz NFC module (ST25R3916). Proximity cards are often used for electronic locks on buildings and provide no security, having been developed using technology that predates microcontrollers small enough to fit on a access badge. 13.56Mhz technology presents a more formidable foe to the Flipper, since most modern access control systems use secure contactless smart cards with technology stacks like MiFARE, but the Flipper is able to conduct brute force and dictionary attacks against some of the simpler cards using this technology. \n \n One big feature the Flipper has is Bluetooth, which as I had written in the This Week In Security linked above, allows a Flipper, in that case loaded with special software, to conduct a discovery spam attack that at the time it came out, would crash many Apple iOS devices. The Bluetooth is implemented using the onboard Bluetooth support in Flippers processor, an STM32WB55RG from ST's new wireless microcontroller lineup. Other connectivity available on the Flipper is Infrared transmit and receive, allowing it to emulate remote controls, and iButton / 1-Wire support, allowing it to read iButtons, which are sometimes used for access control or security guard tour verification systems. All of this information and the supported protocols is expanded upon in the Flipper documentation. \n \n In the SDR field we had been creeping up on this sorta mainstreaming of RF hacking for a long time, starting a long time ago with an ambitious SDR project called the DSP-10, which used the then contemporary Analog Devices ADSP-2181 Digital Signal Processor. Later on Matt Ettus developed the Universal Software Radio Peripheral, originally sold as kits by Ettus Research, which was later bought out by test equipment manufacturer National Instruments. The USRP is often used beside an SDR suite called GNU Radio, which provides a processing block oriented environment allowing quick construction of SDR dataflows between processing blocks, and from that, fast concept to implementation of SDR solutions. The USRP devices continue to be developed to this day, with devices capable of large RF bandwidths and multiple inputs and outputs topping out the lineup. This all eventually resulted in a device called the HackRF developed by Great Scott Gadgets. Which was expanded using the PortaPack to allow portable operation, with expanded software for that called Havoc and Mayhem creating a very capable device. \n \n While that was the high end, the low end had its own small revolution when people discovered that you could use a simple DVB-T adapter with the RTL2832 chipset to recieve radio signals and feed them into SDR software such as GNU Radio, SDR++, HDSDR, and Gqrx. Its also important to mention that there are a ton of SDR platforms out there these days, in addition to all those above there is also LimeSDR, BladeRF, and KiwiSDR, to name just a few more. \n \n Ransom Attacks Continue \n \n As Aaron reported in January of 2023, the year started off with the Royal Mail (UK) being ransomwared. \n \n Probably the most widespread issue with ransomware was the MOVEit critical vulnerability CVE-2023-34362 and its exploit by the CL0P ransomware gang. This was such a massive and widespread issue that it affected multiple agencies of the US Federal Government, the UK Government, multitudes of private companies, DMVs in two states and the list keeps going. \n \n A cyber attack also hit MGM Resorts costing the company an estimated $100 million US Dollars. \n \n I share the sentiment of Megazone when he wrote in May that he is tired of ransomware. We can talk endlessly about solutions, either novel things like zero trust or old standbys like quickly patching vulnerabilities, but as long as IT is considered a cost center and something that is not a priority the entire industry will teeter on the brink of disaster. \n \n Fortunately we are seeing more agencies announce rules requiring breaches to be disclosed, including the HHS for HIPAA covered information, and the SEC for anything \"material\" to stockholders. \n \n AI Gathers Mindshare and Criticism \n \n 2023 started out with ChatGPT as one of the fastest growing online applications, with millions of users using it to do things like write letters and research topics, but as people quickly found out, it could hallucinate facts, drawing any facts it provides into question. This quickly became a problem in the legal sphere when a law firm filed a ChatGPT generated legal brief and was found out. Many lawyers commented on this, some on youtube as well. \n \n Another major conundrum for AI is copyright law, since many of these AI models are trained on copyrighted works most often without the permission of those works' authors, the resulting work could be said to incorporate all those previous works. The United States Library of Congress Copyright Office is working on examining this question and President Biden issued an Executive Order on the matter. Not to be left behind, the New York Times has sued OpenAI over its use of NYT articles in training ChatGPT. Although, its not like human authors are free of this piecemeal copyright infringement. \n \n There's also the elephant in the room, the wild ride that was Sam Altman of OpenAI, making a deal with Microsoft, being fired by the OpenAI board, negotiating a position at Microsoft, then being rehired by OpenAI. That was quite a weekend. \n \n Outside that, Fullpath is putting out a ChatGPT product to allow chat customer support using AI rather than humans, its had some odd results. And the New York Times explored some of the other oddities. \n \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"8961","kudosSumWeight":4,"repliesCount":1,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:328326":{"__typename":"Conversation","id":"conversation:328326","topic":{"__typename":"TkbTopicMessage","uid":328326},"lastPostingActivityTime":"2024-03-11T13:54:28.314-07:00","solved":false},"User:user:172154":{"__typename":"User","uid":172154,"login":"Lior_Rotkovitch","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS0xNzIxNTQtMjAxMzJpNEEwNDMzMEE3QzhGNzhDRA"},"id":"user:172154"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjgzMjYtTmYwckky?revision=7\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjgzMjYtTmYwckky?revision=7","title":"F5SIRT.jpeg","associationType":"TEASER","width":680,"height":383,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjgzMjYtWFJnVFhY?revision=7\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjgzMjYtWFJnVFhY?revision=7","title":"F5SIRT-banner-2021.jpg","associationType":"BODY","width":768,"height":120,"altText":""},"TkbTopicMessage:message:328326":{"__typename":"TkbTopicMessage","subject":"Lockbit resurface after takeover & Lazarus are hitting Feb 25th – March 2nd - This Week in Security","conversation":{"__ref":"Conversation:conversation:328326"},"id":"message:328326","revisionNum":7,"uid":328326,"depth":0,"board":{"__ref":"Tkb:board:security-insights"},"author":{"__ref":"User:user:172154"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" ","introduction":"","metrics":{"__typename":"MessageMetrics","views":357},"postTime":"2024-03-07T09:46:31.240-08:00","lastPublishTime":"2024-03-11T13:54:28.314-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" \n Introduction \n This week's security editor is Lior Rotkovitch. The latest news highlight was all about the return of Lockbit after the take down of the Lockbit “ransomware-as-a-service” The hacking group responded to the takedown and said they were lazy as they were swimming in money they forgot to update the php servers. This is the nature of security, one goes down one comes up, or the same one. \n Reading the news is just one way to know what's up. Driving a car in endless traffic jams is a great time for listening to podcasts of your favorite kind. The security podcasts that I listened to last week are : \n Episode 19 - February 2024 - AI App Security For IoT Edge Devices \n It is always a pleasure hearing my EMEA partner Aaron B talking \n YouTube episode page \n Risky Business #738 -- LockBit is down but not out. Yet. \n One of my favorite podcasts \n Episode page \n Malicious Life - Kevin Mitnick, Part 1 \n And finally, Malicious Life is back with an episode on Kevin Mitnick \n Episode page \n Until next time, keep it safe. \n \n \n LockBit ransomware returns, restores servers after police disruption \n On February 19, authorities took down LockBit’s infrastructure, which included 34 servers hosting the data leak website and its mirrors, data stolen from the victims, cryptocurrency addresses, decryption keys, and the affiliate panel. \n Immediately after the takedown, the gang confirmed the breach saying that they lost only the servers running PHP and that backup systems without PHP were untouched. \n LockBit says that law enforcement, to which they refer collectively as the FBI, breached two main servers “because for 5 years of swimming in money, I became very lazy.” \n “Due to my personal negligence and irresponsibility, I relaxed and did not update PHP in time.” The threat actor says that the victim’s admin and chat panels server and the blog server were running PHP 8.1.2 and were likely hacked using a critical vulnerability tracked as CVE-2023-3824. \n https://www.bleepingcomputer.com/news/security/lockbit-ransomware-returns-restores-servers-after-police-disruption/#google_vignette \n https://www.securityweek.com/lockbit-ransomware-gang-resurfaces-with-new-site/ \n \n Critical Flaw in Popular ‘Ultimate Member’ WordPress Plugin \n \n The flaw, tracked as CVE-2024-1071 (CVSS score of 9.8), affects websites running the Ultimate Member WordPress membership plugin and could be exploited by unauthenticated attackers to append SQL queries to existing ones and extract information from databases. \n According to Defiant, the bug exists because of an insecure implementation in users' query functionality, which results in the text sanitization function failing to protect against SQL injection attacks. \n The company’s researchers also found that the structure of the query only allows attackers to take a time-based blind approach, using SQL CASE statements and the sleep command while observing the response time for the requests to steal information. \n https://www.securityweek.com/critical-flaw-in-popular-ultimate-member-wordpress-plugin/ \n \n The Week in Ransomware - March 1st 2024 - Healthcare Under Siege \n The most impactful attack of 2024 so far is the attack on UnitedHealth Group's subsidiary Change Healthcare, which has had significant consequences for the US healthcare system. This attack was later linked to the BlackCat ransomware operation, with UnitedHealth also confirming the group was behind the attack. \n In some cases, patients are forced to pay full price for their medications until the issue is resolved. However, some medicines can cost thousands of dollars, making it difficult for many to afford the payments. \n To make matters worse, the BlackCat ransomware operation, aka ALPHV, claims to have stolen 6TB of data from Change Healthcare during the attack, containing the personal information of millions of people. \n The attack has led the FBI, CISA, and the HHS to issue a joint advisory warning of BlackCat attacks on hospitals. \n https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-1st-2024-healthcare-under-siege/ \n \n \n Lazarus Exploits Typos to Sneak PyPI Malware into Dev Systems \n Hacking group Lazarus uploaded four packages to the Python Package Index (PyPI) repository to infect developer systems with malware. \n The disclosure comes days after Phylum uncovered several rogue packages on the npm registry that have been used to single out software developers as part of a campaign codenamed Contagious Interview. \n An interesting commonality between the two sets of attacks is that the malicious code is concealed within a test script (\"test.py\"). In this case, however, the test file is merely a smokescreen for what's an XOR-encoded DLL file, which, in turn, creates two DLL files named IconCache.db and NTUSER.DAT. \n The attack sequence then uses NTUSER.DAT to load and execute IconCache.db, a malware called Comebacker that's responsible for establishing connections with a command-and-control (C2) server to fetch and run a Windows executable file. \n https://thehackernews.com/2024/02/lazarus-exploits-typos-to-sneak-pypi.html \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"5257","kudosSumWeight":4,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wx","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjgzMjYtTmYwckky?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wy","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjgzMjYtWFJnVFhY?revision=7\"}"}}],"totalCount":2,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:328026":{"__typename":"Conversation","id":"conversation:328026","topic":{"__typename":"TkbTopicMessage","uid":328026},"lastPostingActivityTime":"2024-02-27T10:49:24.629-08:00","solved":false},"User:user:72057":{"__typename":"User","uid":72057,"login":"ArvinF","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS03MjA1Ny1ndTdUdTE?image-coordinates=90%2C126%2C444%2C481"},"id":"user:72057"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjgwMjYtM2xuRTdH?revision=16\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjgwMjYtM2xuRTdH?revision=16","title":"F5SIRT.jpeg","associationType":"TEASER","width":680,"height":383,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjgwMjYtTmt3MFBD?revision=16\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjgwMjYtTmt3MFBD?revision=16","title":"F5SirtHeader.jpeg","associationType":"BODY","width":768,"height":120,"altText":""},"TkbTopicMessage:message:328026":{"__typename":"TkbTopicMessage","subject":"Log-in attacks, Ransomware gangs, Autohack with LLMs-Feb 18-24, 2024- F5 SIRT- This Week in Security","conversation":{"__ref":"Conversation:conversation:328026"},"id":"message:328026","revisionNum":16,"uid":328026,"depth":0,"board":{"__ref":"Tkb:board:security-insights"},"author":{"__ref":"User:user:72057"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" \n ","introduction":"","metrics":{"__typename":"MessageMetrics","views":543},"postTime":"2024-02-26T15:48:48.290-08:00","lastPublishTime":"2024-02-27T10:49:24.629-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Hello 2024, Arvin here as your editor for this edition. As this is my first TWIS this year, let me start with \"Let's keep our organizations secured, shall we?\" \n \n Overview \n 1st on the list of news for This Week In Security covering Feb 18-24 2024, a report from IBM X-Force and CrowdStrike where they report that a huge surge in cyber attacks are using valid credentials and other techniques spoofing legitimate users. \"Threat actors have really focused on identity – taking a legitimate identity, logging in as a legitimate user, and then laying low, staying under the radar by living off the land and using legitimate tools,\". F5 can help in preventing brute force, credential stuffing / reuse attacks. BIG-IP ASM/Adv WAF security policy and rich functionalities in F5 Distributed Cloud surely can fit any deployment and offer mitigations. \n Next is ConnectWise's critical bug - an authentication bypass and a path traversal combo. There is no mitigation. Only an upgrade to a fixed version mitigates the vulnerability. This vulnerability is an RCE and can allow an attacker to take over a vulnerable installation. The week prior, MS also released CVE-2024-21410, a critical cve on MS Exchange. Patching and enabling Extended Protection for Authentication (EPA) for Exchange Servers mitigates the vulnerability. \n A research on LLMs auto-hijacking websites - I'm not surprised that it will come to this at some point. LLMs provisioned with tools for accessing APIs, automated web browsing, and feedback-based planning can be weaponized to exploit websites with vulnerabilities. Like in the 1st news, if the door is open (in the 1st news was for use of valid, leaked credentials) - meaning vulnerabilities are present in the first place, it will be easier for attackers to abuse them. So as I shared in my previous TWIS, keep systems up to date and secure access to your applications. Stand up BIG-IP ASM/Adv WAF Security Policies , DoS and Bot Defense profiles or F5 Distributed Cloud services will help in providing mitigations for your web applications, regardless if it was manually or automatically delivered exploits. \n ALPHV, the notorious ransomware gang we have seen in previous TWIS editions is still wreaking havoc. \"The advice from both CISA and the FBI is that victims should not pay ransom demands to cybercriminals\" is sound advice and I think is the key takeaway. Prevention starts at keeping systems up to date and secured, implementing security controls such as MFA, network segmentation, WAFs (ASM/Adv WAF/NGINX App protect/F5 XC), BIG-IP SSL Orchestrator (dynamic, policy-based decryption, encryption, and traffic steering through security inspection devices), BIG-IP AFM (FW, IPS/IDS, DoS protection) and similar solutions. Continuous improvement of Security Culture should also be on the top of the list - educating users on the threats of phishing, vhishing, smshing and many other social engineering attacks and developing good security hygiene and habits (locking your computer, prevent tailgating, reading security news like F5 SIRT TWIS!) can help prevent potential breaches. In similar news, \"LockBit ransomware gang has over $110 million in unspent bitcoin\". Surely it is currently stuck, and I do hope these paid ransom can be recovered, but, this is the result of paying ransom. \n That’s it for This Week In Security. I hope you find it educational. Stay Safe and Secure! \n Orgs are having a major identity crisis while crims reap the rewards \n Identity-related threats pose an increasing risk to those protecting networks because attackers – ranging from financially motivated crime gangs and nation-state backed crews – increasingly prefer to log in using stolen credentials instead of exploiting vulnerabilities or social engineering. \n In two separate reports published on Wednesday, IBM X-Force and security biz CrowdStrike found a huge surge in cyber attacks using valid credentials and other techniques spoofing legitimate users. \n IBM's threat hunters found a 71 percent year-over-year increase in the volume of attacks using valid credentials in 2023. \"And that's huge,\" Michelle Alvarez, a manager for IBM X-Force's strategic threat analysis team, told The Register. \n Specifically, compromised valid accounts represented 30 percent of all incidents that X-Force responded to in 2023 – pushing that attack vector to the top of the list of cyber criminals' most common initial access points for the first time ever. X-Force also found that cloud account credentials make up 90 percent of for-sale cloud assets on the dark web. \n Meanwhile phishing, also at 30 percent, tied with valid account abuse as the top initial access vector in 2023. However, the overall volume of phishing attacks was down by 44 percent compared to 2022 – which IBM attributes, in part, to the use of valid credentials to gain initial access. \n \"It was clear to us that last year, attackers were logging in versus hacking in,\" Alvarez said. \n The X-Force 2024 Threat Intelligence Index is based on monitoring or more than 150 billion security events per day in more than 130 countries, plus data from its threat intel, incident response, red team and Red Hat Insights. \n When the front door's open … \n \"Identity is the number one thing that organizations need to be thinking about,\" warned Adam Meyers, head of counter adversary operations at CrowdStrike. \"Adversaries have figured out that it's the easiest and fastest way in.\" \n CrowdStrike's 2024 Global Threat Report – gleaned from analyzing the 230 criminal groups that it tracks – found a similar uptick in identity-related threats. In addition to using stolen credentials, the security biz spotted attackers targeting API keys and secrets, session cookies and tokens, one-time passwords, and Kerberos tickets throughout last year. \n \"Threat actors have really focused on identity – taking a legitimate identity, logging in as a legitimate user, and then laying low, staying under the radar by living off the land and using legitimate tools,\" Meyers explained. \n This echoes the security shop's earlier threat hunting report published in August, which found a 312 percent year-over-year increase in the use of remote monitoring and managing tools. \n \"These are tools that would likely be used by administrators, so less likely to be something that will catch attention – especially if it was deployed by a legitimate user,\" Meyers said. \"Threat actors are really trying to camouflage themselves with legitimate behavior or things that look legitimate and are harder to peel away.\" \n Beware the bears \n Nation-state linked attackers also conducted their share of identity-based attacks last year. \n One of the Kremlin's goon squads, Cozy Bear, has been conducting credential phishing campaigns using Microsoft Teams messages to steal MFA tokens for Microsoft 365 accounts since at least late May 2023. \n Using valid credentials for initial access helps attacks evade detection. According to CrowdStrike, they typically obtain these legitimate identities via accidental credential leakage, brute-force attacks, phishing/social engineering, credential stealers, access brokers, insecure self-service password-reset services and insider threats. \n \"Then once they have that identity, they're able to enroll or bypass multi-factor authentication, and then move laterally,\" Meyers observed, noting that in some cases last year – ahem, Microsoft – MFA wasn't even deployed. \n \"Identity-based and social-engineering attacks are the number one thing that organizations are getting popped by,\" Meyers added. \"And this continues to be the biggest problem.\" \n \n https://www.theregister.com/2024/02/21/identity_related_cyber_threats/ \n \n Exploiting the latest max-severity ConnectWise bug is 'embarrassingly easy' \n Infosec researchers say urgent patching of the latest remote code execution (RCE) vulnerability in ConnectWise's ScreenConnect is required given its maximum severity score. \n The vulnerability has been given a maximum 10/10 CVSS rating by ConnectWise, one that outside researchers agree with given the potential consequences of a successful exploit. \n In disclosing the maximum-severity authentication bypass vulnerability (CWE-288), ConnectWise also revealed a second weakness - a path traversal flaw (CWE-22) with an 8.4 severity rating. \n The company's initial February 19 disclosure mentioned there being no evidence to suggest that the vulnerabilities, neither of which yet have CVE identifiers, were being actively exploited but this has since changed. \n To achieve RCE, Huntress demonstrated its method to target the ScreenConnect setup wizard on machines that already had the software installed. \n If an attacker is able to launch the setup wizard, they only need to partially complete the process – the part that registers the initial admin user to get things in motion. By registering the initial admin user and skipping the rest, the internal user database will be overwritten, deleting all local users except the one specified by the attacker. \n \"Once you have administrative access to a compromised instance, it is trivial to create and upload a malicious ScreenConnect extension to gain RCE,\" Huntress said. \"This is not a vulnerability, but a feature of ScreenConnect, which allows an administrator to create extensions that execute .Net code as SYSTEM on the ScreenConnect server.\" \n The path traversal vulnerability can also lead to Zip Slip attacks, the researchers said, but would require an attacker to have admin-level access in order to achieve RCE with it. \n This vulnerability would be exploitable after taking advantage of the authentication bypass flaw, which itself would offer attackers RCE, so performing a Zip Slip attack wasn't exactly necessary. \n \"For on-premise users, we offer our strongest recommendation to patch and update to ScreenConnect version 23.9.8 immediately,\" Huntress said. \n ConnectWise said it will be releasing fixed versions of releases 22.4 through 23.9.7 soon, but the recommendation is, like in most cases where possible, to upgrade to the latest available version. \n It should be said that there are no temporary mitigation steps provided in lieu of patching so upgrading really is the only way out of this. \n Data from internet monitoring biz Shadowserver indicates that there are around 3,800 vulnerable ConnectWise instances currently running, with the vast majority located in the US. \n \n https://www.theregister.com/2024/02/21/connectwise_max_severity_bug/ \n \n \n Crims found and exploited these two Microsoft bugs before Redmond fixed 'em \n CVE-2024-21410: Elevation of privilege in Microsoft Exchange Server, which can be exploited by a remote unauthenticated miscreant to impersonate users. Patching this requires extra steps. \n \n https://www.theregister.com/2024/02/14/patch_tuesday_feb_2024/ \n https://techcommunity.microsoft.com/t5/exchange-team-blog/released-2024-h1-cumulative-update-for-exchange-server/ba-p/4047506 \n \n How to weaponize LLMs to auto-hijack websites \n AI models, the subject of ongoing safety concerns about harmful and biased output, pose a risk beyond content emission. When wedded with tools that enable automated interaction with other systems, they can act on their own as malicious agents. \n Computer scientists affiliated with the University of Illinois Urbana-Champaign (UIUC) have demonstrated this by weaponizing several large language models (LLMs) to compromise vulnerable websites without human guidance. Prior research suggests LLMs can be used, despite safety controls, to assist [PDF] with the creation of malware. \n Researchers Richard Fang, Rohan Bindu, Akul Gupta, Qiusi Zhan, and Daniel Kang went a step further and showed that LLM-powered agents – LLMs provisioned with tools for accessing APIs, automated web browsing, and feedback-based planning – can wander the web on their own and break into buggy web apps without oversight. \n They describe their findings in a paper titled, \"LLM Agents can Autonomously Hack Websites.\" \n \"In this work, we show that LLM agents can autonomously hack websites, performing complex tasks without prior knowledge of the vulnerability,\" the UIUC academics explain in their paper. \n \"For example, these agents can perform complex SQL union attacks, which involve a multi-step process (38 actions) of extracting a database schema, extracting information from the database based on this schema, and performing the final hack.\" \n In an interview with The Register, Daniel Kang, assistant professor at UIUC, emphasized that he and his co-authors did not actually let their malicious LLM agents loose on the world. The tests, he said, were done on real websites in a sandboxed environment to ensure no harm would be done and no personal information would be compromised. \n \"We used three major tools,\" said Kang. \"We used the OpenAI Assistants API, LangChain, and the Playwright browser testing framework. \n \"The OpenAI Assistants API is basically used to have context, to do the function calling, and many of the other things like document retrieval that are really important for high performance. LangChain was basically used to wrap it all up. And the Playwright web browser testing framework was used to actually interact with websites.\" \n The researchers created agents using 10 different LLMs: GPT-4, GPT-3.5, OpenHermes-2.5-Mistral-7B, LLaMA-2 Chat (70B), LLaMA-2 Chat (13B), LLaMA-2 Chat (7B), Mixtral-8x7B Instruct, Mistral (7B) Instruct v0.2, Nous Hermes-2 Yi (34B), and OpenChat 3.5. \n The first two, GPT-4 and GPT-3.5, are proprietary models operated by OpenAI while the remaining eight are open source. Google's Gemini model, said to be at least as capable as GPT-4 in its latest iteration, was not available at the time. \n The researchers had their LLM-agents probe test websites for 15 vulnerabilities, including SQL injection, cross-site scripting, and cross-site request forgery, among others. The open source models that were tested all failed. \n But OpenAI's GPT-4 had an overall success rate of 73.3 percent with five passes and 42.7 percent with one pass. The second place contender, OpenAI's GPT-3.5, eked out a success rate of only 6.7 percent with five passes and 2.7 percent with one pass. \n \"That's one of the things we find very surprising,\" said Kang. \"So depending on who you talk to, this might be called scaling law or an emergent capability. What we found is that GPT-4 is highly capable of these tasks. Every open source model failed, and GPT-3.5 is only marginally better than the open source models.\" \n \n https://www.theregister.com/2024/02/17/ai_models_weaponized/ \n https://arxiv.org/html/2402.06664v1 \n \n \n ALPHV gang claims it's the attacker that broke into Prudential Financial, LoanDepot \n The ALPHV/BlackCat ransomware group is claiming responsibility for attacks on both Prudential Financial and LoanDepot, making a series of follow-on allegations against them. \n Both US companies recently confirmed (here and here) cybersecurity incidents via Form 8-K filings with the Securities and Exchange Commission (SEC), but neither document mentioned the involvement of ransomware. \n Neither company has had any of their stolen data leaked at this stage, although if negotiations continue to stall as ALPHV says they have (presuming its claims are true), then a data dump may not be too far away. \n The advice from both CISA and the FBI is that victims should not pay ransom demands to cybercriminals, and in many cases this is followed. \n \n ACTIONS TO TAKE TODAY TO MITIGATE CYBER THREATS FROM RANSOMWARE: \n \n Prioritize remediating known exploited vulnerabilities. \n Train users to recognize and report phishing attempts. \n Enable and enforce multifactor authentication. \n \n \n When ransom demands aren't paid, however, victims are often \"punished\" by having their attacks publicized, before continued non-compliance with the criminals' demands leads to data disclosure. That's the double extortion model. \n ALPHV has now made a number of inflammatory allegations against both victims, which of course should be taken with a substantial grain of salt given that they are indeed criminals. \n In the case of Prudential Financial, the gang has alleged that the company fibbed in its regulatory filing, which claimed the attackers broke in on February 4 and systems were contained a day later. \n \"The claims… are categorically false. We continue to have uninterrupted access to their network and are actively exfiltrating information,\" ALPHV alleged on its site. \"This can be verified as we sent the CEO, CIO, and legal person an email today showing evidence of this [as of] Feb 15.\" \n The gang said it is currently looking for customers who may wish to buy the stolen data, but will consider releasing it for free. This follows Prudential's claim that it had seen no evidence of customer or client data being stolen. It made no such exclusions for other data types. \n If the allegations are true, the company could face a backlash from the SEC and investors. However, it's worth remembering that ALPHV made a name for itself towards the back end of last year for weaponizing regulators against ransomware victims. \n Evasive ALPHV \n The ALPHV ransomware group continues to frustrate US authorities by terrorizing major organizations under its watch after surviving a takedown attempt in December. \n It's not often a cybercrime operation can withstand and overcome attempts to shutter it after international law enforcement sets out to dismantle its infrastructure, but that's what happened in December when ALPHV wrestled the feds for control of its site over the space of a few days. \n It seems the BlackCat does indeed have nine lives, as they say. \n When the FBI's initial seizure splash page appeared on the outfit's dark web site, followed by press releases lauding the takedown and release of a decryptor, infosec watchers believed one of the world's most notorious ransomware gangs had fallen like so many before it. \n Fast-forward two months and it's like nothing happened. The group's website is back up and running and affiliates continue to claim major attacks on Western organizations. \n Most recently, it allegedly broke into Canada's Trans-Northern Pipelines – an attack on a critical infrastructure organization that naturally brings back memories of DarkSide's Colonial Pipeline incident. \n It may also not be a coincidence, given that ALPHV is linked to BlackMatter, which itself was linked to DarkSide. \n Towards the end of last week, the US announced that it would offer a maximum total reward of $15 million for information leading to the identification or location of ALPHV leadership members and/or their arrest. \n \n https://www.theregister.com/2024/02/19/alphv_claims_cyberattacks_on_prudential/ \n https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-061a \n \n \n LockBit ransomware gang has over $110 million in unspent bitcoin \n The LockBit ransomware gang received more than $125 million in ransom payments over the past 18 months, according to the analysis of hundreds of cryptocurrency wallets associated with the operation. \n Following the LockBit takedown in Operation Cronos, the National Crime Agency (NCA) in the U.K. with support from blockchain analysis company Chainalysis identified more than 500 cryptocurrency addresses being active. \n After hacking LockBit’s infrastructure, law enforcement obtained 30,000 Bitcoin addresses used for managing the group’s profits from ransom payments. \n \n https://www.bleepingcomputer.com/news/security/lockbit-ransomware-gang-has-over-110-million-in-unspent-bitcoin/ \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"19650","kudosSumWeight":4,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wx","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjgwMjYtM2xuRTdH?revision=16\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wy","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjgwMjYtTmt3MFBD?revision=16\"}"}}],"totalCount":2,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:327496":{"__typename":"Conversation","id":"conversation:327496","topic":{"__typename":"TkbTopicMessage","uid":327496},"lastPostingActivityTime":"2024-02-05T14:40:43.058-08:00","solved":false},"User:user:241262":{"__typename":"User","uid":241262,"login":"MegaZone","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS0yNDEyNjItMTg4ODFpN0U1OEE0RTAwMDg0NDJGMQ"},"id":"user:241262"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjc0OTYtS2xtc1Vl?revision=7\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjc0OTYtS2xtc1Vl?revision=7","title":"SIRT-Email-Banner-External-Standard.jpg","associationType":"BODY","width":768,"height":120,"altText":""},"TkbTopicMessage:message:327496":{"__typename":"TkbTopicMessage","subject":"VulnCon, Big Brother, School Daze, and More - Jan 22nd-28th, 2024 - F5 SIRT - This Week in Security","conversation":{"__ref":"Conversation:conversation:327496"},"id":"message:327496","revisionNum":7,"uid":327496,"depth":0,"board":{"__ref":"Tkb:board:security-insights"},"author":{"__ref":"User:user:241262"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" This time around the F5 SIRT This Week In Security covers the upcoming VulnCon, nasty tricks on US citizens by the NSA using data brokers, the failure of university computer science programs to teach security, how we should learn to stop living in fear and love CVE, and what drastic measures it might take to curtail the ransomware epidemic. ","introduction":"","metrics":{"__typename":"MessageMetrics","views":167},"postTime":"2024-02-05T14:40:43.058-08:00","lastPublishTime":"2024-02-05T14:40:43.058-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" \n Editor's introduction \n Has it been seven weeks already? Time flies like an arrow. And fruit flies like a banana. Yes, that sense of humor means MegaZone is once again at the controls. \n Before I get to the usual, a sidebar - if you're a CNA, check your email. Voting is now open for the CVE Board CNA Liaison position. While I am one of the nominees for the position, I'm not asking you to vote for me, just to vote - this is an important role, providing a voice for CNAs to the CVE Board. Voting closes February 8th - look for details in the email from the CVE Program Secretariat. \n With that out of the way, let's take a quick look at what caught my eye in this week's security news feed, and that I had some thoughts on myself. \n By the way, if this is your first TWIS, you can always read past editions. And there is a lot of other content from the F5 SIRT to check out as well. \n VulnCon 2024 \n I'm going to use my soapbox to plug CVE/FIRST VulnCon 2024, March 25th-27th, 2024 in Raleigh, North Carolina. This is the inaugural VulnCon, and it is a joint effort of the CVE Program and FIRST. It is also replacing the previously held annual CNA Summit, so if you're a CNA you're strongly encouraged to attend this instead. I'll lift language from the site: \n The purpose of the conference is to collaborate with various vulnerability management and cybersecurity professionals to develop forward leaning ideas that can be taken back to individual programs for action to benefit the vulnerability management ecosystem. A key goal of the conference is to understand what important stakeholders and programs are doing within the vulnerability management ecosystem and best determine how to benefit the ecosystem broadly. \n Con registration and hotel information is available now, and the con is hybrid, so you can attend in person or virtually. I'm also one of the organizing co-chairs, representing the CNA community for the CVE.org, so there's that as well. \n Depending on when this issue of TWIS hits DevCentral the Call For Papers will either be just about to close, or have just closed, as that happens January 31st. We've already started reviewing submissions and we'll be working on the program schedule in the coming weeks. Stay tuned! \n \n https://www.first.org/conference/vulncon2024/ \n https://www.cve.org/Media/News/item/news/2023/12/05/CVE-FIRST-VulnCon-2024 \n \n NSA Circumvents Warrants with Data Brokers \n I'm not a fan of information hoovering, privacy invading data brokers. I'm also not a fan of government overreach and deliberate efforts to circumvent citizen's rights. So I was really not thrilled to learn that the NSA, and other US agencies, have been circumventing the need for warrants or court orders by turning to commercial data brokers to purchase location data, browsing habits, and other Internet tracking information rather than legally collecting it themselves. Not only have they been circumventing the legal protections in place for citizens against abuse by such agencies, they've been contributing to the abusive data broker industry by funding it with tax dollars. Lose-lose-lose for individual citizens. \n The good news is that, in light of a recent FTC ruling, it looks like these practices may be ending now they they've come to light. \n \n https://www.wyden.senate.gov/news/press-releases/wyden-releases-documents-confirming-the-nsa-buys-americans-internet-browsing-records-calls-on-intelligence-community-to-stop-buying-us-data-obtained-unlawfully-from-data-brokers-violating-recent-ftc-order \n https://www.ftc.gov/news-events/news/press-releases/2024/01/ftc-order-prohibits-data-broker-x-mode-social-outlogic-selling-sensitive-location-data \n https://www.theregister.com/2024/01/26/nsa_browser_records/ \n \n Failing Grades \n CISA published a blog calling for university computer science programs to include security in their curricula, and I strongly agree. Throughout my career my experience has been that developers, even experienced developers, often have not had had sufficient training in secure development practices. This is especially true for new developers who come out of CompSci programs with skills to build functional software, but little to no knowledge of real-world security concerns and how they should influence software design choices. We, as an industry, keep reinventing the square wheel with the same types of vulnerabilities year after year. Universities could do a lot of good by stressing secure software development in their programs, to better prepare the next generation of developers. Security is not a specialization - security is for everyone, all software, all products, and all developers. It should not be an elective - it should be a requirement. \n \n https://www.cisa.gov/news-events/news/we-must-consider-software-developers-key-part-cybersecurity-workforce \n https://www.theregister.com/2024/01/26/security_courses_requirements/ \n \n Do Not Fear CVE \n Ivanti and Juniper Networks are catching a bit of heat from the security community over the way they've handled some recent issues and the CVE assignments, or lack thereof. As someone who handles vulnerability management and disclosure, and is heavily involved in the CVE program, and has even written a couple of articles on DevCentral on the topic, I had some thoughts on this. I feel like some of this comes from the fear of CVE, or the desire to minimize the number of CVEs that you publish as a vendor. The whole concept of 'more CVEs are bad', to me, is just the wrong way of thinking. If you think that way it can, consciously or not, lead you to possibly not disclosing issues that you should. You may start to justify, even to yourself, why something should not be a CVE. Or you may stretch the definition of a 'fix'. to stuff multiple issues into one CVE, rather than issue multiple CVEs. \n As my colleagues would attest, my approach is more \"Justify to me why this is not a CVE.\" Why in doubt, I believe it is better to issue a CVE. A CVE is just a unique identifier for a specific software issue. It isn't a scarlet letter or badge of shame. I don't enjoy publishing CVEs, but I view them as necessary and correct for open communication. The correct, and only, way to publish fewer CVEs is to have fewer vulnerabilities to disclose, IMHO. When I see large vendors with complex products with very few CVEs, frankly I'm skeptical. Is it more likely that they've cracked the problem writing vulnerability-free complex software, or that they're just not issuing CVEs and disclosing the issues they've found? (Or, worse, not finding the issues?) \n Anyway, I encourage vendors and CNAs to not fear CVEs and to issue them when necessary. And I'll continue to work to have F5 do the same. \n \n https://www.theregister.com/2024/01/22/ivanti_and_juniper_networks_criics_unhappy/ \n https://community.f5.com/kb/technicalarticles/why-we-cve/307033 \n https://community.f5.com/kb/technicalarticles/cve-who-what-where-and-when/312657 \n \n What Will Kill Ransomware? \n How many times have we covered ransomware in TWIS? I know I feel like I've written something about it nearly every time I've been at the controls, and I've seen my colleagues cover it as well. Every week I see articles on the latest ransomware attacks. Ransomware is a regular subject in customer tickets. We have regular corporate trainings and admonishments to be wary of it. Ransomware is so pervasive that it feels just like a fact of life at this point. But why? \n Because it pays. The only reason ransomware continues to persist, year in, year out, is that the organizations and individuals behind the campaigns continue to make money with it. And as long as the financial incentive exists, so will ransomware. I agree with the view that the only way to, if not end, then reduce the prevalence of ransomware is to starve the financial reward pipeline to remove the incentive. Consider the figures from this Dutch study: \n Among 430 victims from 2019-2022, 28% reported paying a ransom, with the average amount just over €431,000 (about $469,781) and the median €35,000 (about $38,138). \n Companies with insurance paid on average significantly higher ransoms, of €708,105 (about $771,600) compared to $133,016 ($144,940). \n Those kinds of payouts are a significant incentive. And having insurance just makes it worse. If I were of the evil mindset I'd certainly be more apt to target corporations I knew had cyber insurance. And the problem is only getting worse: \n Almost 5,200 organizations were hit by ransomware attacks in 2023, according to Rapid7. NCC Group concluded ransomware attacks increased 84% to almost 4,700 incidents in 2023. \n Maybe it is time for some tough love, and a regulatory ban on ransomware payments. Ransomware payments are directly funding cybercrime, and the funds are often believed to be funneled to other criminal, and even terrorist, activities. A ban on paying ransoms would also apply to cyber insurance. While the insurance could still cover losses from the impact of the ransomware, paying the ransom would become illegal. Such a ban might force companies to redouble their efforts to better protect their networks and data against ransomware. Better backup systems, antimalware, network partitioning, restricted permissions, etc. Many security best practices are not employed because of the 'costs' of doing so. But if the potential costs of not doing so increase, those implementation costs start to look more acceptable. \n What is clear is that 'more of the same' just isn't working. Ransomware is not only not going away, it is a growing problem. What we're doing today is just making the problem worse. It may be time to stop feeding the beast and to start starving it instead. \n \n https://www.cybersecuritydive.com/news/ransom-payment-ban-outlook/705316/ \n https://therecord.media/ransomware-victim-mindset-dutch-study-tom-meurs \n https://www.scmagazine.com/resource/akira-ransomware-groups-changing-tactics-what-you-need-to-know \n https://www.cybersecuritydive.com/news/loandepot-ransomware-exposes-17M-people/705169/ \n \n \n Until next time! ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"10605","kudosSumWeight":1,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wx","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjc0OTYtS2xtc1Vl?revision=7\"}"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:326406":{"__typename":"Conversation","id":"conversation:326406","topic":{"__typename":"TkbTopicMessage","uid":326406},"lastPostingActivityTime":"2024-01-03T17:13:30.246-08:00","solved":false},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjY0MDYtMjAxNDdpRkVGQ0NCNUE3NzdGRjg4RQ?revision=4\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjY0MDYtMjAxNDdpRkVGQ0NCNUE3NzdGRjg4RQ?revision=4","title":"lior-rotkovitch.png","associationType":"COVER","width":1280,"height":720,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjY0MDYtMjEzNzhpQzAzNEQ3N0I4QzU0QkM5QQ?revision=4\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjY0MDYtMjEzNzhpQzAzNEQ3N0I4QzU0QkM5QQ?revision=4","title":"F5SIRT-banner-2021.jpg","associationType":"BODY","width":768,"height":120,"altText":null},"TkbTopicMessage:message:326406":{"__typename":"TkbTopicMessage","subject":"End of year summary and new year predictions, Dec 25th – 31st – F5SIRT This Week in Security","conversation":{"__ref":"Conversation:conversation:326406"},"id":"message:326406","revisionNum":4,"uid":326406,"depth":0,"board":{"__ref":"Tkb:board:security-insights"},"author":{"__ref":"User:user:172154"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":"","introduction":"","metrics":{"__typename":"MessageMetrics","views":457},"postTime":"2024-01-03T17:13:30.246-08:00","lastPublishTime":"2024-01-03T17:13:30.246-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" \n \n This Week in Security \n December - 25th – 31st , 2023 \n \" End of year summary and new year predictions \" \n \n \n Editor's introduction \n This week editor is Lior Rotkovitch. Another year went by, and it is a good time to start summarizing major security incidents in 2023. \n In the past year we saw increase in CVE hunting where threat actors are in a race to take over an unpatched system within few hours from publications. CVE hunting become a low hanging fruit attack where hackers just scan the web for vulnerabilities with the assumption that it takes at least 1-2 days to patch the system from publication time using this gap to randomly exploit the vulnerable targets and get value. One poplar CVE hunting vulnerabilities occurred at control plane that are facing the public internet. once the entry point has exploited, they leverage the hack into a full take over by embedding malware or ransomware with persistence and even installing common hacking tools to achieve more granular control over the compromised system. F5 SIRT is promoting the control plane protection for many years by reducing public access (DMZing ) or placing a WAF in front of it, this is important part of the security plan. \n Every end is also a beginning and as such there are security predictions for 2024. I guess the easiest prediction is just “more of everything” as the hacker’s playgrounds is expending all the time. Any hardware and software can and will be hacked at some points. \n While this is not encouraging, not all hope is lost, the security industry made a huge progress and created many products and services that provides the tooling needed to detect and mitigate those attacks. Building the right security plan, training personnel and well define security plan can get you in to a place where the mitigation time will be improved significantly. Until next time, happy and safe new year. \n \n Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers \n In this case an open-source vulnerability affects commercial products. The interesting part is that the root cause for the CVE still exists when it was published due to incomplete fix. notable article quotes: \n “A critical Apache OFBiz pre-authentication remote code execution vulnerability is being actively exploited using public proof of concept (PoC) exploits. \n Apache OFBiz (Open For Business) is an open-source enterprise resource planning system many businesses use for e-commerce inventory and order management, human resources operations, and accounting. \n OFBiz is part of Atlassian JIRA, a commercial project management and issue-tracking software used by over 120,000 companies worldwide. Therefore, any flaws in the open-source project are inherited by Atlassian's product. \n …. While investigating Apache's fix, which was to remove the XML-RPC code from OFBiz, SonicWall researchers discovered that the root cause for CVE-2023-49070 was still present. \n This incomplete fix still allowed attackers to exploit the bug in a fully patched version of the software.” \n \n https://www.bleepingcomputer.com/news/security/apache-ofbiz-rce-flaw-exploited-to-find-vulnerable-confluence-servers/ \n \n With car privacy concerns rising, automakers may be on road to regulation \n Cars security was a big issue few years ago but it never took off for some reason. With the fast growth of Electronic vehicles, the security aspect is back mostly because of privacy issues with the data that the vehicle computer storage. Synchronizing contacts and apps from your mobile phone or tables to the car makes it unclear what happens to this data. notable article quotes: \n “…. sent a letter to 14 major auto manufacturers, condemning their privacy practices and declaring that consumers should not be trapped in a “massive data collection apparatus, with any disclosures hidden in pages-long privacy policies filled with legalese.” \n Markey pointed out that Bluetooth’s emergence has broadened car surveillance by letting companies extract data that “has nothing to do with a vehicle’s operation, such as data from smartphones that are wirelessly connected to the vehicle.\" \n \n https://therecord.media/car-privacy-concerns-road-to-regulation?&web_view=true \n \n \n Hackers see wealth of information to steal in children’s school records \n Protecting data at large scale is always a challenge. Children at schools are not aware of security aspects provide great playground for hackers while the mitigations solutions are not always easy to accomplish. notable article quotes: \n “Our school’s digital doors are rattled, pinged, probed and prodded thousands of times each day by well-resourced adversaries from all over the globe,” \n Cybercriminals seeking ransom payouts or identity thieves going after a student’s spotless credit can gain access to identifying information, assessments, assignments, grades, homework, health records, attendance history, discipline records, special education records, home communications and more. \n He advises moving away from methods like SMS confirmation, which can be intercepted through Bluetooth, and says that physical hardware security tokens would be safer. Of course, as Young said, “Some of the time we’re talking about kids as young as five and six years old with technology in their hands.” In these cases, lost technology is a real threat, and the most secure solution is not necessarily the one that makes the most sense. This paradox is yet another mountain that school information security teams must climb.” \n \n https://www.cnbc.com/2023/12/27/hackers-see-wealth-of-information-to-steal-in-kids-school-records.html \n \n Lockbit ransomware disrupts emergency care at German hospitals \n Hospitals are a target over and over.. notable article quotes: \n “recent service disruptions at three hospitals were caused by a Lockbit ransomware attack. \n \"Unknown actors have gained access to the systems of the IT infrastructure of the hospitals and have encrypted data,\" \n At the time of writing, the Lockbit ransomware gang hasn't added KHO to its extortion portal on the dark web, so whether or not the cybercriminals stole patient data or other sensitive information hasn't been determined yet. “ \n \n https://www.bleepingcomputer.com/news/security/lockbit-ransomware-disrupts-emergency-care-at-german-hospitals/ \n \n 2023 summary \n Few of the attacks mentioned are T-Mobile API attack, MOVEit attack and the MGM resorts breach. \n https://www.infosecurity-magazine.com/news-features/top-cyber-attacks-2023/ \n https://www.scmagazine.com/news/data-leaks-ai-and-ransomware-topped-the-headlines-in-2023-for-sc-media \n https://www.welivesecurity.com/en/cybersecurity/year-review-10-biggest-security-incidents-2023/ \n \n 2024 Predictions \n Social engineer backed by AI – fake images, deep fake phishing is just a matter of time . Cloud – multi cloud hybrid environment incidents and CICD attack are expected to increase. \n More : https://www.securitymagazine.com/articles/100271-top-cybersecurity-predictions-of-2024 \n \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"7265","kudosSumWeight":3,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wx","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjY0MDYtMjAxNDdpRkVGQ0NCNUE3NzdGRjg4RQ?revision=4\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wy","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjY0MDYtMjEzNzhpQzAzNEQ3N0I4QzU0QkM5QQ?revision=4\"}"}}],"totalCount":2,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:287617":{"__typename":"Conversation","id":"conversation:287617","topic":{"__typename":"TkbTopicMessage","uid":287617},"lastPostingActivityTime":"2021-07-02T12:01:14.000-07:00","solved":false},"User:user:411771":{"__typename":"User","uid":411771,"login":"Sander_Vinberg","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/m_assets/avatars/default/avatar-1.svg"},"id":"user:411771"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODc2MTctMTUyNTlpODQ5OEM3Q0FGMDk3MjUyQQ?revision=1\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yODc2MTctMTUyNTlpODQ5OEM3Q0FGMDk3MjUyQQ?revision=1","title":"0EM1T000003BJge.png","associationType":"BODY","width":642,"height":447,"altText":null},"TkbTopicMessage:message:287617":{"__typename":"TkbTopicMessage","subject":"Supplement To The 2021 App Protect Report","conversation":{"__ref":"Conversation:conversation:287617"},"id":"message:287617","revisionNum":1,"uid":287617,"depth":0,"board":{"__ref":"Tkb:board:security-insights"},"author":{"__ref":"User:user:411771"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":"","introduction":"","metrics":{"__typename":"MessageMetrics","views":213},"postTime":"2021-07-02T12:01:14.000-07:00","lastPublishTime":"2021-07-02T12:01:14.000-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" We frequently get requests to break down threats in a specific vertical. So, as a follow up to the F5 Labs, 2021 Application Protection Report (APR), we analyzed and visualized the attack chains of more than 700 data breaches looking for relationships between sectors or industries and the tactics and techniques attackers use against them. \n\n This effort produced the F5 Labs 2021 APR Supplement: Sectors and Vectors, where we found that while there are some attack patterns that correspond with sectors, the relationships appear indirect and partial, and counterexamples abound. \n\n The overall conclusion is that sectors can be useful for predicting an attack vector, but only in the absence of more precise information such as vulnerabilities or published exploits. This is because the types of data and vulnerabilities in the target environment, which determine an attacker’s approach, are no longer tightly correlated with the nature of the business. \n\n Look for more details about your sector (Finance, Education, Health Care, Scientific, Retail, etc) in the F5 Labs, 2021 APR Supplement: Of Sectors and Vectors. ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"1130","kudosSumWeight":2,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wx","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODc2MTctMTUyNTlpODQ5OEM3Q0FGMDk3MjUyQQ?revision=1\"}"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:288908":{"__typename":"Conversation","id":"conversation:288908","topic":{"__typename":"TkbTopicMessage","uid":288908},"lastPostingActivityTime":"2021-05-25T07:56:40.000-07:00","solved":false},"User:user:7":{"__typename":"User","uid":7,"login":"LiefZimmerman","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS03LTVnQ0JFWg?image-coordinates=0%2C0%2C200%2C200"},"id":"user:7"},"TkbTopicMessage:message:288908":{"__typename":"TkbTopicMessage","subject":"Of Ransom and Redemption: The 2021 Application Protection Report","conversation":{"__ref":"Conversation:conversation:288908"},"id":"message:288908","revisionNum":1,"uid":288908,"depth":0,"board":{"__ref":"Tkb:board:security-insights"},"author":{"__ref":"User:user:7"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":"","introduction":"","metrics":{"__typename":"MessageMetrics","views":200},"postTime":"2021-05-25T07:56:40.000-07:00","lastPublishTime":"2021-05-25T07:56:40.000-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" The information security professional’s mission has gradually become extraordinarily complex. At times, this mission borders on contradiction. Quite often, responsibility for the various components that form an enterprise environment is spread not only among multiple teams within the enterprise but also among vendors, partners, and service providers. \n\n In this 2021 Application Protection Report by F5 Labs, Sander, Ray, Shahnawaz, and Malcom look at the breaches in the past year as a series of attacker techniques, explore the outcomes, and provide some recommendations for controls you can implement in your environment. \n\n Some Highlights \n\n Two-thirds of API incidents in 2020 were attributable to either no authentication, no authorization, or failed authentication and authorization. In 2020, four sectors—finance/insurance, education, health care, and professional/technical services—experienced a greater number of breaches than retail (the leader in 2018 and 2019), partly driven by the growth in ransomware. The most important controls are privileged account management, network segmentation, restricting web-based content, data backup, and exploit protection (i.e., WAF). \n\n DevCentral Connects featuring Sander Vinberg \n\n Or, if you prefer, listen to Jason & John talk to Sander, directly, on DevCentral Connects. \n \n\n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"1352","kudosSumWeight":0,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:280728":{"__typename":"Conversation","id":"conversation:280728","topic":{"__typename":"TkbTopicMessage","uid":280728},"lastPostingActivityTime":"2017-05-15T11:13:40.000-07:00","solved":false},"User:user:56738":{"__typename":"User","uid":56738,"login":"ltwagnon","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS01NjczOC0xNjM3OGk3QkQ0M0UxRDAzRDEzMDg3"},"id":"user:56738"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODA3MjgtOTgyOWlEMDkwN0JBQzg2OTJERjU3?revision=1\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yODA3MjgtOTgyOWlEMDkwN0JBQzg2OTJERjU3?revision=1","title":"0151T000003d6xhQAA.png","associationType":"BODY","width":1162,"height":658,"altText":null},"TkbTopicMessage:message:280728":{"__typename":"TkbTopicMessage","subject":"Security Trends in 2016: The Problem Of Ransomware","conversation":{"__ref":"Conversation:conversation:280728"},"id":"message:280728","revisionNum":1,"uid":280728,"depth":0,"board":{"__ref":"Tkb:board:TechnicalArticles"},"author":{"__ref":"User:user:56738"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":"","introduction":"","metrics":{"__typename":"MessageMetrics","views":294},"postTime":"2017-02-10T12:00:00.000-08:00","lastPublishTime":"2017-02-10T12:00:00.000-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Ransomware is a specific type of malware that encrypts important information and keeps it encrypted until the ransom (typically money) has been paid. Until very recently, ransomware was not a widely-used type of malware, but it has absolutely exploded in popularity in the past few years. SonicWall reported 3.8 million ransomware attacks in 2015 and then 638 million attacks in 2016! That 167 times larger...in just one year. If ransomware is growing this quickly, then it's fair and responsible to talk about it and figure out what to if you ever get attacked with it. \n\n \n Ransom (noun): money that is paid or demanded for the release of someone or something from captivity \n \n\n The following graph shows various examples of ransomware over time. Notice the concentration in the past few years. This shows that many attackers are focusing their coding efforts on ransomware, and would-be criminals have a seemingly endless selection from which to choose. \n\n \n\n \n\n Why the sudden rise in ransomware, you ask? Great question. The answer: it works, and it's lucrative. In 2016 alone, an estimated $1 Billion was paid out in ransomware fees. Ransomware has always been a technical option for attackers (it's not entirely hard to plant malware on someone's computer and encrypt a bunch of their files), but the main problem rose out of the payment part of the ransom. In years past, attackers didn't have a convenient and reliable way to anonymously accept ransom payment. But now, they have a very easy way to conduct anonymous financial transactions online...it's called Bitcoin. Bitcoin plays a huge role in ransomware because it is both anonymous and popular as a form of online payment. Before Bitcoin, it was nearly impossible to accept payment for the ransom without getting caught. Now, you can exchange money via Bitcoin and no one can track it. Since anonymous payment options are available and ransom malware is easily accessible, ransomware has become a very popular tool for attackers. \n\n When a person or company is the target of ransomware, the fundamental decision of that person or company centers around the payment of the ransom. Do you pay or not? If you don't pay, you definitly won't get your data back. Of course, even if you do pay, there's no guarantee that you'll get your money back. In 2016, less than half of all companies that were attacked actually recovered all of their data. It's good to discuss these decisions prior to getting attacked. Here are some recent examples of companies that were attacked and chose to pay the ransom: \n\n Feb 2016 - Hollywood Presbyterian Medical Center in Los Angeles payed 40 Bitcoin ($17,000 at the time) to get its data back April 2016 - The Lansing Board of Water & Light (BWL) paid $25,000 to get their data back May 2016 - Kansas Heart Hospital was attacked and paid the ransom only to have the attackers demand more ransom and still not give access to their data September 2016 - Hosted desktop and cloud provider VESK paid 29 Bitcoins (about $23,000 at the time) to get their data back. November 2016 - Hackers demanded 100 Bitcoins (about $73,000 at the time) from the San Francisco Municipal Transit Authority to get their systems back online. December 2016 - The Cockrell Hill Police Department was attacked with ransomware and the demand was $4,000 in Bitcoin \n\n I could go on with many more examples, but you see the point. Ransomware attacks are on the rise, and you need to be prepared for one. In just about every one of these cases, the ransomware was planted via a malicious file attached to an email or website. The old idea of \"don't open suspicious attachments\" and \"don't click on suspicious links\" still completely rings true today. It's also a great idea to have backups of all your data and those backups should be stored in a way that makes it difficult for the ransomware attackers to attack the backups if/when they successfully breach your network. Finally, if you ever fall vicitim to ransomware, call the FBI so they can try to decrypt the data and chase after the attackers...although they might tell you just to pay the ransom. ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"4381","kudosSumWeight":0,"repliesCount":2,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wx","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODA3MjgtOTgyOWlEMDkwN0JBQzg2OTJERjU3?revision=1\"}"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"CachedAsset:text:en_US-components/customComponent/CustomComponent-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/customComponent/CustomComponent-1728320186000","value":{"errorMessage":"Error rendering component id: {customComponentId}","bannerTitle":"Video provider requires cookies to play the video. Accept to continue or {url} it directly on the provider's site.","buttonTitle":"Accept","urlText":"watch"},"localOverride":false},"CachedAsset:text:en_US-components/community/Navbar-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/community/Navbar-1728320186000","value":{"community":"Community Home","inbox":"Inbox","manageContent":"Manage Content","tos":"Terms of Service","forgotPassword":"Forgot Password","themeEditor":"Theme Editor","edit":"Edit Navigation Bar","skipContent":"Skip to content","migrated-link-9":"Groups","migrated-link-7":"Technical Articles","migrated-link-8":"DevCentral News","migrated-link-1":"Technical Forum","migrated-link-10":"Community Groups","migrated-link-2":"Water Cooler","migrated-link-11":"F5 Groups","migrated-link-0":"Forums","article-series":"Article Series","migrated-link-5":"Community Articles","migrated-link-6":"Articles","security-insights":"Security Insights","migrated-link-3":"CrowdSRC","migrated-link-4":"CodeShare","migrated-link-12":"Events","migrated-link-13":"Suggestions"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarHamburgerDropdown-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarHamburgerDropdown-1728320186000","value":{"hamburgerLabel":"Side Menu"},"localOverride":false},"CachedAsset:text:en_US-components/community/BrandLogo-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/community/BrandLogo-1728320186000","value":{"logoAlt":"Khoros","themeLogoAlt":"Brand Logo"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarTextLinks-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarTextLinks-1728320186000","value":{"more":"More"},"localOverride":false},"CachedAsset:text:en_US-components/authentication/AuthenticationLink-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/authentication/AuthenticationLink-1728320186000","value":{"title.login":"Sign In","title.registration":"Register","title.forgotPassword":"Forgot Password","title.multiAuthLogin":"Sign In"},"localOverride":false},"CachedAsset:text:en_US-components/nodes/NodeLink-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/nodes/NodeLink-1728320186000","value":{"place":"Place {name}"},"localOverride":false},"CachedAsset:text:en_US-components/tags/TagSubscriptionAction-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/tags/TagSubscriptionAction-1728320186000","value":{"success.follow.title":"Following Tag","success.unfollow.title":"Unfollowed Tag","success.follow.message.followAcrossCommunity":"You will be notified when this tag is used anywhere across the communtiy","success.unfollowtag.message":"You will no longer be notified when this tag is used anywhere in this place","success.unfollowtagAcrossCommunity.message":"You will no longer be notified when this tag is used anywhere across the community","unexpected.error.title":"Error - Action Failed","unexpected.error.message":"An unidentified problem occurred during the action you took. Please try again later.","buttonTitle":"{isSubscribed, select, true {Unfollow} false {Follow} other{}}","unfollow":"Unfollow"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageListTabs-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageListTabs-1728320186000","value":{"mostKudoed":"{value, select, IDEA {Most Votes} other {Most Likes}}","mostReplies":"Most Replies","mostViewed":"Most Viewed","newest":"{value, select, IDEA {Newest Ideas} OCCASION {Newest Events} other {Newest Topics}}","newestOccasions":"Newest Events","mostRecent":"Most Recent","noReplies":"No Replies Yet","noSolutions":"No Solutions Yet","solutions":"Solutions","mostRecentUserContent":"Most Recent","trending":"Trending","draft":"Drafts","spam":"Spam","abuse":"Abuse","moderation":"Moderation","tags":"Tags","PAST":"Past","UPCOMING":"Upcoming","sortBymostRecent":"Sort By Most Recent","sortBymostRecentUserContent":"Sort By Most Recent","sortBymostKudoed":"Sort By Most Likes","sortBymostReplies":"Sort By Most Replies","sortBymostViewed":"Sort By Most Viewed","sortBynewest":"Sort By Newest Topics","sortBynewestOccasions":"Sort By Newest Events","otherTabs":" Messages list in the {tab} for {conversationStyle}","guides":"Guides","archives":"Archives"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/QueryHandler-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/QueryHandler-1728320186000","value":{"title":"Query Handler"},"localOverride":false},"Category:category:top":{"__typename":"Category","id":"category:top","nodeType":"category"},"CachedAsset:text:en_US-components/community/NavbarDropdownToggle-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarDropdownToggle-1728320186000","value":{"ariaLabelClosed":"Press the down arrow to open the menu"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/OverflowNav-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/OverflowNav-1728320186000","value":{"toggleText":"More"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageView/MessageViewInline-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageView/MessageViewInline-1728320186000","value":{"bylineAuthor":"{bylineAuthor}","bylineBoard":"{bylineBoard}","anonymous":"Anonymous","place":"Place {bylineBoard}","gotoParent":"Go to parent {name}"},"localOverride":false},"CachedAsset:text:en_US-components/users/UserLink-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/users/UserLink-1728320186000","value":{"authorName":"View Profile: {author}","anonymous":"Anonymous"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageSubject-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageSubject-1728320186000","value":{"noSubject":"(no subject)"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageBody-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageBody-1728320186000","value":{"showMessageBody":"Show More","mentionsErrorTitle":"{mentionsType, select, board {Board} user {User} message {Message} other {}} No Longer Available","mentionsErrorMessage":"The {mentionsType} you are trying to view has been removed from the community.","videoProcessing":"Video is being processed. Please try again in a few minutes.","bannerTitle":"Video provider requires cookies to play the video. Accept to continue or {url} it directly on the provider's site.","buttonTitle":"Accept","urlText":"watch"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageTime-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageTime-1728320186000","value":{"postTime":"Published: {time}","lastPublishTime":"Last Update: {time}","conversation.lastPostingActivityTime":"Last posting activity time: {time}","conversation.lastPostTime":"Last post time: {time}","moderationData.rejectTime":"Rejected time: {time}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/nodes/NodeIcon-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/nodes/NodeIcon-1728320186000","value":{"contentType":"Content Type {style, select, FORUM {Forum} BLOG {Blog} TKB {Knowledge Base} IDEA {Ideas} OCCASION {Events} other {}} icon"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageUnreadCount-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageUnreadCount-1728320186000","value":{"unread":"{count} unread","comments":"{count, plural, one { unread comment} other{ unread comments}}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageViewCount-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageViewCount-1728320186000","value":{"textTitle":"{count, plural,one {View} other{Views}}","views":"{count, plural, one{View} other{Views}}"},"localOverride":false},"CachedAsset:text:en_US-components/kudos/KudosCount-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/kudos/KudosCount-1728320186000","value":{"textTitle":"{count, plural,one {{messageType, select, IDEA{Vote} other{Like}}} other{{messageType, select, IDEA{Votes} other{Likes}}}}","likes":"{count, plural, one{like} other{likes}}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageRepliesCount-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageRepliesCount-1728320186000","value":{"textTitle":"{count, plural,one {{conversationStyle, select, IDEA{Comment} OCCASION{Comment} other{Reply}}} other{{conversationStyle, select, IDEA{Comments} OCCASION{Comments} other{Replies}}}}","comments":"{count, plural, one{Comment} other{Comments}}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/users/UserAvatar-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/users/UserAvatar-1728320186000","value":{"altText":"{login}'s avatar","altTextGeneric":"User's avatar"},"localOverride":false}}}},"page":"/tags/TagPage/TagPage","query":{"tagName":"ransomware"},"buildId":"OKtI0OLKuXmERTJKBVqYX","runtimeConfig":{"buildInformationVisible":false,"logLevelApp":"info","logLevelMetrics":"info","openTelemetryClientEnabled":false,"openTelemetryConfigName":"f5","openTelemetryServiceVersion":"24.11.0","openTelemetryUniverse":"prod","openTelemetryCollector":"http://localhost:4318","openTelemetryRouteChangeAllowedTime":"5000","apolloDevToolsEnabled":false},"isFallback":false,"isExperimentalCompile":false,"dynamicIds":["./components/customComponent/CustomComponent/CustomComponent.tsx","./components/community/Navbar/NavbarWidget.tsx","./components/community/Breadcrumb/BreadcrumbWidget.tsx","./components/tags/TagsHeaderWidget/TagsHeaderWidget.tsx","./components/messages/MessageListForNodeByRecentActivityWidget/MessageListForNodeByRecentActivityWidget.tsx","./components/tags/TagSubscriptionAction/TagSubscriptionAction.tsx","../shared/client/components/common/List/ListGroup/ListGroup.tsx","./components/messages/MessageView/MessageView.tsx","./components/messages/MessageView/MessageViewInline/MessageViewInline.tsx"],"appGip":true,"scriptLoader":[]}