{"version":3,"file":"WJBZI1Ghk-8.BDpf6OsC.mjs","names":["o","a","n","r"],"sources":["https:/framerusercontent.com/modules/xkgOTPH3D819XQA1Lv94/EoEWkacA16uV7vRB951x/WJBZI1Ghk-8.js"],"sourcesContent":["import{jsx as e,jsxs as t}from\"react/jsx-runtime\";import{ComponentPresetsConsumer as n,Link as o}from\"framer\";import{motion as a}from\"framer-motion\";import*as i from\"react\";import r from\"https://framerusercontent.com/modules/pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js\";export const richText=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"Attacks against predictive AI\"}),/*#__PURE__*/e(\"h3\",{children:\"At the training stage\"}),/*#__PURE__*/e(\"p\",{children:\"At this stage of the lifecycle, we find poisoning attacks against the ML model data and against the model itself. These attacks, which can have many variations, usually end up violating the integrity or the availability of the AI system.\"}),/*#__PURE__*/t(\"p\",{children:[\"In \",/*#__PURE__*/e(\"strong\",{children:\"data poisoning attacks\"}),\", the adversary controls the model's training data sets and can insert or modify samples at will. Thus, when the attacker inserts poisoned samples with a specific target label, the model learns that wrong label. So, for instance, if the model is an image classifier, after going through the training phase, it misclassifies some images in its testing period. If its task is, let's say, to identify traffic signs, it may then miss some of them or take other images as if they were such signs. Something similar has been demonstrated in the alteration of spam detectors.\"]}),/*#__PURE__*/t(\"p\",{children:[\"On the other hand, in \",/*#__PURE__*/e(\"strong\",{children:\"model poisoning attacks\"}),\", the adversary controls the model and its parameters. There, the model's poisoning occurs with the insertion of malicious functionalities. 
For example, the attacker can inject a Trojan trigger in the model after having infected only some of its components that were brought as updates to be added to the server. Such infection, as in the case of poisoned data, can generate issues in the model's accuracy.\"]}),/*#__PURE__*/e(\"p\",{children:\"In some poisoning attacks, the attacker can focus on specific targets, be they smaller samples or particular components of the model, and insert previously generated backdoor patterns to, again, induce misclassifications. Finally, regarding availability, availability poisoning attacks cause indiscriminate degradation of the model on all samples and end up achieving something like a denial-of-service for the users of the AI system.\"}),/*#__PURE__*/e(\"h3\",{children:\"At the deployment stage\"}),/*#__PURE__*/t(\"p\",{children:[\"In \",/*#__PURE__*/e(\"strong\",{children:\"evasion attacks\"}),\", the adversary modifies the test samples to create so-called adversarial examples. These are samples that, having received a minimal perturbation, which may even be imperceptible to the human eye, are given by the system an altered classification that points to an arbitrary class chosen by the attacker. As samples that are very similar to the original ones and incorrectly classified by the model, they affect the system's predictions. Then, as in the case of poisoning attacks, an image classifier, for example, is fooled with such adversarial examples, and the attacker, for their malicious purposes, prevents the system from recognizing specific images as it is supposed to.\"]}),/*#__PURE__*/t(\"p\",{children:[\"In \",/*#__PURE__*/e(\"strong\",{children:\"privacy attacks\"}),\", the attacker has query access to the ML model. Therefore, they can submit large numbers of queries to the model to receive information that allows them to achieve membership inference or data reconstruction. 
In the first case, the adversary can infer the presence or use of specific records or samples in the training data set employed by the model. In the second case, they can reconstruct particular content or characteristics of the model's training data. It is then reverse engineering to obtain private information about individual users, infrastructure or parameters of the AI system.\"]}),/*#__PURE__*/e(\"p\",{children:\"Sample reconstruction in, for instance, neural network models can occur because they tend to memorize training data. However, apparently, attackers often do not accomplish accurate data extractions but rather reconstructions of equivalent models that achieve prediction performances similar to those obtained by the original models. This is something that even allows adversaries to carry out more powerful attacks against the target systems.\"}),/*#__PURE__*/e(\"h2\",{children:\"Attacks against generative AI\"}),/*#__PURE__*/t(\"p\",{children:[\"Most of the attack types presented by NIST for predictive AI also apply to generative AI. However, other forms of security violation have been documented for this second branch of artificial intelligence. The most prominent is that of \",/*#__PURE__*/e(\"strong\",{children:\"abuse violations\"}),\". Here, the adversary manages to redirect or modify the purpose of the model (e.g., a large language model, LLM) to achieve his own goals through \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/indirect-prompt-injection-llms/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"prompt injection\"})}),\". 
That is, the attacker, either directly or indirectly, injects text into the model intending to alter its behavior.\"]}),/*#__PURE__*/e(\"p\",{children:\"So, for example, by resorting to the capabilities of an LLM, the adversary can instruct it to generate offensive or misinformative text or images, as well as malware or phishing content, for subsequent propagation on the Internet. The fact that LLMs can be easily integrated with different types of applications facilitates the dissemination of malicious information and the generation of wide cyberattacks, something that, among their users, can affect their reliability.\"}),/*#__PURE__*/t(\"p\",{children:[\"Concerning privacy issues, there is also the possibility that the attacker simply asks an insecure gen AI model to repeat private or confidential information it has previously worked with. There have also been demonstrated cases of injection where, in some way, the adversary instructs the LLM to persuade end users to reveal some of their sensitive information. (See our post \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/indirect-prompt-injection-llms/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:'\"Indirect Prompt Injection to LLMs.\"'})}),\")\"]}),/*#__PURE__*/e(\"p\",{children:\"Finally, on the availability violation side, in this type of artificial intelligence, there are documented cases in which the attacker delivers malicious inputs or a large number of inputs to the ML model to provoke an overwhelming computational exercise on it and lead to the denial of service to other users.\"}),/*#__PURE__*/e(\"h2\",{children:\"What about risk mitigation?\"}),/*#__PURE__*/e(\"p\",{children:\"As stated at the beginning, we do not intend to emphasize risk mitigation and consequence management methods for the attacks described above. 
This is partly because, while strategies such as data profiling, multi-modal training, behavior monitoring and supply chain authentication have proven useful, many techniques have also been ineffective. There have been imbalances between certain types of attacks and the reliable mitigation techniques available.\"}),/*#__PURE__*/e(\"p\",{children:\"To deal successfully with many of the above types of attacks, we expect further progress to be made in new preventive and defensive strategies. To this end, the contribution of adversaries is essential. Yes, you read that right. At Fluid Attacks, we know from our experience that attackers, when they do not have bad intentions, as is the case of ethical hackers, are invaluable support in identifying vulnerabilities and proposing solutions to them. They, along with other cybersecurity specialists, having reports such as the one provided by NIST at their disposal, will be able to warn us on how to cope with these threats.\"}),/*#__PURE__*/t(\"p\",{children:[\"For the time being, we recommend you make careful use of this technology and, as we do at Fluid Attacks, rely only on those AI providers whose services show \",/*#__PURE__*/e(\"strong\",{children:\"strict security and privacy policies\"}),\" in storing and handling sensitive data.\"]})]});export const richText1=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/e(\"p\",{children:\"The new requirements to get the PCI DSS v4.0 certification include documenting, assigning and understanding roles and responsibilities for implementing security controls; verifying the scope of the PCI DSS assessment once every 12 months; performing a targeted risk analysis for every requirement met with the customized approach; and supporting customers' requests for information on PCI DSS requirement responsibility and compliance status. Compliance with these requirements is expected in a couple of months.\"}),/*#__PURE__*/t(\"p\",{children:[\"Let us give you a little bit of context. 
Entities that store, handle or transfer cardholder information are required to comply with the security requirements of the \",/*#__PURE__*/e(o,{href:\"https://www.pcisecuritystandards.org/document_library/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Payment Card Industry Data Security Standard\"})}),\" (PCI DSS). Version 4.0 of the standard poses \",/*#__PURE__*/e(\"strong\",{children:\"64 new technical and operational requirements\"}),\". These are distributed among the principal requirements, which are the 12 categories whose names provide us with a high-level overview. In the following image, you can see how their titles changed from v3.2.1 to v4.0.\"]}),/*#__PURE__*/e(\"img\",{alt:\"PCI DSS requirements comparison\",className:\"framer-image\",height:\"493\",src:\"https://framerusercontent.com/images/gtqkvuSPXdClROPoyXyh3IY2DQ.webp\",srcSet:\"https://framerusercontent.com/images/gtqkvuSPXdClROPoyXyh3IY2DQ.webp?scale-down-to=512 512w,https://framerusercontent.com/images/gtqkvuSPXdClROPoyXyh3IY2DQ.webp?scale-down-to=1024 1024w,https://framerusercontent.com/images/gtqkvuSPXdClROPoyXyh3IY2DQ.webp 1725w\",style:{aspectRatio:\"1725 / 986\"},width:\"862\"}),/*#__PURE__*/e(\"h6\",{children:\"Title changes in PCI DSS principal requirements from v3.2.1 to v4.0.\"}),/*#__PURE__*/t(\"p\",{children:[\"Companies need to start complying with \",/*#__PURE__*/e(\"strong\",{children:\"13\"}),\" of the new requirements ASAP, as this version will take effect on \",/*#__PURE__*/e(\"strong\",{children:\"March 31, 2024\"}),\". The remaining 51 are considered best practices to start following during the year and will be mandatory starting March 31, 2025.\"]}),/*#__PURE__*/e(\"p\",{children:\"The penalties due to noncompliance may include sizable fines. These range from USD 5,000 to 100,000 each month depending on the firm's period of noncompliance and volume of transactions. 
Also, stakeholders may seize the firm's ability to accept card payment. Moreover, public knowledge of these events would have a detrimental effect on customer trust and the firm's reputation. With this in mind, as well as your purpose to keep your firm's and clients' data safe, let's look at what's new.\"})]});export const richText2=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"Documenting, assigning and understanding roles and responsibilities\"}),/*#__PURE__*/t(\"p\",{children:[\"Ten out of the 13 new requirements ask for \",/*#__PURE__*/e(\"strong\",{children:\"documenting, assigning and understanding the roles and responsibilities\"}),\" for implementing security controls. In the \",/*#__PURE__*/e(o,{href:\"https://www.pcisecuritystandards.org/document_library/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"prioritized approach\"})}),\" formally presented by the standard, in case this is your first rodeo, it is suggested that fulfillment of this requirement be left for after other more basic ones in the principal requirement are achieved.\"]}),/*#__PURE__*/e(\"p\",{children:\"To summarize, these are our simplified versions of some of the requirements that your team should meet first and for which roles and responsibilities should be clear:\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Build and maintain a secure network and systems:\"}),\" Resolve the issues of risky configurations in vendor default accounts, primary functions requiring different security levels, unnecessary functionalities, among others.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Protect account data:\"}),\" Implement data retention and disposal policies, 
procedures and processes to keep storage of account data to a minimum; use strong cryptography to keep primary account numbers safe; take measures to protect cryptographic keys; etc.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Maintain a vulnerability management program:\"}),\" Deploy antimalware solutions; develop software based on industry standards and best practices; \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/product/sast/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"analyze code\"})}),\" for vulnerabilities and remediate them prior to releasing it into production; if conducting \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/cybersecurity-essentials/what-is-manual-code-review\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"manual code review\"})}),\", have it done by individuals with vast knowledge about \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/secure-code-review/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"code-review techniques\"})}),\" and \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/secure-coding-practices/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"secure coding practices\"})}),\"; etc.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Implement strong access control measures:\"}),\" Define and assign access appropriately; use an access control system; implement MFA; use strong cryptography to render all 
authentication factors unreadable; restrict physical access to systems through appropriate facility entry controls; etc.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Regularly monitor and test networks:\"}),\" Enable, review and protect audit logs (i.e., the chronological record of system activities); conduct \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/vulnerability-scan/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"vulnerability scans\"})}),\"; have \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/types-of-penetration-testing/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"internal and external penetration testing\"})}),\" performed at least once every 12 months; etc.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Maintain an information security policy:\"}),\" Document and implement acceptable use policies for end-user technologies; document and validate the scope of the PCI DSS review; monitor third-party service providers' PCI DSS compliance; etc.\"]})})]}),/*#__PURE__*/t(\"p\",{children:[\"_____\",/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"em\",{children:/*#__PURE__*/t(\"strong\",{children:['PCI DSS v4.0 introduces the category \"account data,\" instead of just \"cardholder data,\" to refer to the primary account number (PAN) and any other elements of two categories: cardholder data and sensitive authentication data. 
The former includes the PAN, cardholder name, expiration date and service code; the latter includes full track data, card verification code and PINs/PIN blocks.',/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{})]})}),\"_____\"]}),/*#__PURE__*/e(\"p\",{children:\"Later, as we grasp it, your team can work on the actual documentation within policies and procedures or a dedicated file. However, to us, the prioritization advice seems fitting only for creating the documentation, since roles and responsibilities should be assigned formally and understood for the actual security controls to be put in place.\"}),/*#__PURE__*/e(\"p\",{children:\"Further advice given in the file is the creation of a RACI matrix. It is so called as it displays who is responsible, accountable, consulted and informed.\"}),/*#__PURE__*/e(\"h2\",{children:\"New for maintaining an information security policy\"}),/*#__PURE__*/e(\"p\",{children:\"The three new remaining requirements due in 2024 are linked to the organizational policy and programs to support information security.\"}),/*#__PURE__*/t(\"p\",{children:[\"Out of these requirements, the one to meet first is \",/*#__PURE__*/e(\"strong\",{children:\"documenting and confirming the scope of the PCI DSS review at least once every 12 months\"}),\". 
This means your team has to verify that the locations and flows of account data and the system components (e.g., software, cloud components, network devices) to be protected are added to the scope of the review.\"]}),/*#__PURE__*/e(\"p\",{children:\"The advice is to create a spreadsheet and record\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"where the data is stored, why and for how long;\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"what data is stored (i.e., elements of cardholder and/or sensitive authentication data);\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"how the data is secured;\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"how access to the data is logged.\"})})]}),/*#__PURE__*/e(\"p\",{children:\"Moreover, your team should identify not only your internal systems and networks but also all connections from any third party.\"}),/*#__PURE__*/t(\"p\",{children:[\"One more new requirement is \",/*#__PURE__*/e(\"strong\",{children:\"performing a targeted risk analysis for every requirement\"}),\" met with the customized approach. To be clear, entities pursuing certification can follow either the defined or the customized approach. Whereas the defined approach means implementing the security controls just as the standard describes them, the customized approach involves reaching the objectives of requirements without necessarily applying the exact technologies or operations spelled out in the standard. 
To qualify for the latter, an entity \",/*#__PURE__*/e(o,{href:\"https://www.pcisecuritystandards.org/document_library/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"must\"})}),' \"demonstrate a robust risk-management approach to security\" (e.g., having a dedicated risk management department).']}),/*#__PURE__*/e(\"p\",{children:\"If your team meets PCI DSS requirements with the customized approach, then you will have to do a risk analysis for each of those items at least once every 12 months. That is, you will need to define in detail what would be the effect on security if the requirement is not met and say how the controls you apply provide the needed protection. The signature of a member of executive management must be present to certify that they reviewed and approved the strategy. There is a sample template in the document to help you know the elements of the analyses you need to report.\"}),/*#__PURE__*/t(\"p\",{children:[\"The last new requirement due this year is directed only at third-party service providers (TPSPs; i.e., businesses for which PCI DSS applies but who are not a payment brand), such as \",/*#__PURE__*/e(\"strong\",{children:\"payment gateways\"}),\". Some clarity is needed first. An entity depending on TPSPs needs to monitor the latter's PCI DSS compliance and maintain information on which requirements each has to meet.\"]}),/*#__PURE__*/t(\"p\",{children:[\"The requirement is then for TPSPs to \",/*#__PURE__*/e(\"strong\",{children:\"support customers' requests for information on PCI DSS requirement responsibility and compliance status\"}),\". This will help the entity pursuing compliance meet the requirements mentioned above.\"]}),/*#__PURE__*/e(\"p\",{children:\"TPSPs can provide the customer with their PCI DSS Attestation of Compliance (AOC). 
And when TPSPs are not certified, at least they may provide the customer's assessor with specific evidence of their compliance with PCI DSS requirements.\"}),/*#__PURE__*/e(\"h2\",{children:\"Fluid Attacks analyzes your compliance with PCI DSS requirements\"}),/*#__PURE__*/t(\"p\",{children:[\"We test your software to verify \",/*#__PURE__*/e(o,{href:\"https://help.fluidattacks.com/portal/en/kb/articles/criteria-compliance-pci\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"PCI DSS compliance\"})}),\". Our \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/plans/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"flagship plan\"})}),\" offers vulnerability scanning with multiple techniques, manual code review by our pentesters, vulnerability management on our platform, and expert and AI-assisted vulnerability remediation. 
We help you secure your software from the beginning of development and before you release it into production or to customers, which is in line with PCI DSS requirement 6.\"]}),/*#__PURE__*/t(\"p\",{children:[\"If you want to test our tools first, \",/*#__PURE__*/e(o,{href:\"https://app.fluidattacks.com/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"start a free trial\"})}),\".\"]})]});export const richText3=/*#__PURE__*/e(i.Fragment,{children:/*#__PURE__*/t(\"p\",{children:[\"The main items in a company policy about gen AI usage for software development include identifying your business' generative AI use cases, establishing the gen AI tools developers are allowed to use and the security testing solution to secure AI-generated code, describing the data that must not be entered into AI tools, requiring suppliers to notify and describe their gen AI usage, and describing the AI policy communication and training strategies. 
As we mentioned in our post about best practices for \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/5-best-practices-coding-with-gen-ai/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"secure development with AI\"})}),\", firms can base their generative AI policies off their already existing policies.\"]})});export const richText4=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/e(\"img\",{alt:\"Cheat sheet six main items in a policy for software development with gen AI\",className:\"framer-image\",height:\"2494\",src:\"https://framerusercontent.com/images/UrswgmJm0eGrRsLsuCLxTz83j0.webp\",srcSet:\"https://framerusercontent.com/images/UrswgmJm0eGrRsLsuCLxTz83j0.webp?scale-down-to=1024 516w,https://framerusercontent.com/images/UrswgmJm0eGrRsLsuCLxTz83j0.webp?scale-down-to=2048 1033w,https://framerusercontent.com/images/UrswgmJm0eGrRsLsuCLxTz83j0.webp?scale-down-to=4096 2066w,https://framerusercontent.com/images/UrswgmJm0eGrRsLsuCLxTz83j0.webp 2516w\",style:{aspectRatio:\"2516 / 4988\"},width:\"1258\"}),/*#__PURE__*/e(\"h2\",{children:\"Identify your business' generative AI use cases\"}),/*#__PURE__*/e(\"p\",{children:\"It's important to know how gen AI would be used in your business. The use cases that you can identify are the guiding light for establishing relevant security requirements. 
The following are some examples of use cases:\"}),/*#__PURE__*/t(\"ul\",{style:{\"--framer-text-alignment\":\"start\",\"--framer-text-color\":\"rgb(0, 0, 0)\",\"--framer-text-stroke-width\":\"0px\",\"--framer-text-transform\":\"none\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"16px\",\"--framer-text-color\":\"rgb(83, 83, 101)\"},children:/*#__PURE__*/e(\"p\",{children:\"Using ChatGPT to find errors in source code and solutions to them\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"16px\",\"--framer-text-color\":\"rgb(83, 83, 101)\"},children:/*#__PURE__*/e(\"p\",{children:\"Using Copilot to quickly write software functions\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"16px\",\"--framer-text-color\":\"rgb(83, 83, 101)\"},children:/*#__PURE__*/e(\"p\",{children:\"Using application security tools to automatically fix code where vulnerabilities were detected\"})})]}),/*#__PURE__*/e(\"p\",{children:\"The policy's scope would then be defined by the use cases it covers. Further, mentions of the security risks involved in such use cases would help clearly establish the policy's purpose. Another important piece of information to convey in the policy regarding use cases is the consequences of breaching the policy.\"}),/*#__PURE__*/e(\"h2\",{children:\"Establish the gen AI tools devs are allowed to use\"}),/*#__PURE__*/e(\"p\",{children:\"Developers in your company are probably already familiar with AI tools like ChatGPT and Copilot. The policy should mention these aiding technologies to state whether their use is allowed and any limitations to it. It may also require devs to disclose whether they have used gen AI tools in their tasks and to what extent.\"}),/*#__PURE__*/e(\"p\",{children:\"Moreover, a process should be established for devs to request the use of the approved AI tool for a purpose other than that specified in the policy. 
Further, the policy should make clear what the devs could do to request the use of a tool that is not approved.\"}),/*#__PURE__*/e(\"h2\",{children:\"Establish the security testing solution to secure AI-generated code\"}),/*#__PURE__*/t(\"p\",{children:[\"AI-generated code may contain security vulnerabilities, some of which may be due to the tool's blindness to the company's business logic. It is important to state in your AI policy that devs should always review the tool's output. \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/vulnerability-scan/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Vulnerability scanners\"})}),\" are their friends in this process for identifying the low-hanging fruit. The policy should state, after careful research, which \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/security-testing-fundamentals/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"application security testing\"})}),\" tools are allowed. 
Accordingly, it should acknowledge the tools' reports' significant \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/impacts-of-false-positives/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"false positive\"})}),\" and false negative rates.\"]}),/*#__PURE__*/t(\"p\",{children:[\"To find more business-critical vulnerabilities, an approach involving the manual \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/secure-code-review/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"secure code review\"})}),\" by security analysts (\",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/what-is-ethical-hacking/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"ethical hackers\"})}),\") is advised. The policy may then instruct that this manual testing be done alongside the automated one. We describe elsewhere what you should look for in a \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/choose-vulnerability-management/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"vulnerability management\"})}),\" solution. 
Here's a simplified ten-item checklist to give you an idea:\"]}),/*#__PURE__*/t(\"ul\",{style:{\"--framer-text-alignment\":\"start\",\"--framer-text-color\":\"rgb(0, 0, 0)\",\"--framer-text-stroke-width\":\"0px\",\"--framer-text-transform\":\"none\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"16px\",\"--framer-text-color\":\"rgb(83, 83, 101)\"},children:/*#__PURE__*/e(\"p\",{children:\"It allows the identification and inventory of your company's digital assets.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"16px\",\"--framer-text-color\":\"rgb(83, 83, 101)\"},children:/*#__PURE__*/e(\"p\",{children:\"It yields accurate reports quickly.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"16px\",\"--framer-text-color\":\"rgb(83, 83, 101)\"},children:/*#__PURE__*/t(\"p\",{children:[\"It uses multiple techniques (e.g., \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/product/sast/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"SAST\"})}),\", \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/product/dast/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"DAST\"})}),\" and \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/product/mpt/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"pentesting\"})}),\"), and these are constantly enhanced.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"16px\",\"--framer-text-color\":\"rgb(83, 83, 101)\"},children:/*#__PURE__*/e(\"p\",{children:\"It offers a single 
platform.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"16px\",\"--framer-text-color\":\"rgb(83, 83, 101)\"},children:/*#__PURE__*/e(\"p\",{children:\"It assesses compliance with multiple security standards.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"16px\",\"--framer-text-color\":\"rgb(83, 83, 101)\"},children:/*#__PURE__*/e(\"p\",{children:\"It checks for vulnerabilities continuously.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"16px\",\"--framer-text-color\":\"rgb(83, 83, 101)\"},children:/*#__PURE__*/e(\"p\",{children:\"It allows for risk-based vulnerability prioritization.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"16px\",\"--framer-text-color\":\"rgb(83, 83, 101)\"},children:/*#__PURE__*/e(\"p\",{children:\"It offers continued help understanding and remediating vulnerabilities.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"16px\",\"--framer-text-color\":\"rgb(83, 83, 101)\"},children:/*#__PURE__*/e(\"p\",{children:\"It validates the successful remediation of vulnerabilities, even offering automated mechanisms to stop risky deployments.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"16px\",\"--framer-text-color\":\"rgb(83, 83, 101)\"},children:/*#__PURE__*/e(\"p\",{children:\"It allows for report customization and tracking and benchmarking the progress in vulnerability remediation.\"})})]}),/*#__PURE__*/t(\"p\",{children:[\"Another key piece of information that should be present in your policy is whether devs are allowed to use gen AI tools to get \",/*#__PURE__*/e(\"strong\",{children:\"suggested\"}),\" code fixes. And if so, what tools are allowed. Mind you, the clarification must be made that even these outputs have to be checked again for vulnerabilities. What's the point, then? 
Well, gen AI helps accelerate the process.\"]}),/*#__PURE__*/t(\"p\",{children:[\"If you are still looking for the right solution, we invite you to start a \",/*#__PURE__*/e(o,{href:\"https://app.fluidattacks.com/SignUp\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"free trial\"})}),\" of our tool and enjoy many of the features listed above, including our gen AI-powered \",/*#__PURE__*/e(o,{href:\"https://help.fluidattacks.com/portal/en/kb/articles/fix-code-automatically-with-gen-ai\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Autofix\"})}),\" feature. We offer all the features in the list through our \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/plans/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"flagship paid plan\"})}),\".\"]}),/*#__PURE__*/e(\"h2\",{children:\"Describe the data that must not be entered into AI tools\"}),/*#__PURE__*/e(\"p\",{children:\"Your company should have identified what kind of information it handles and where the sensitive data are located. If your company embraces gen AI, it is best to define, prior to its use, which information should not be entered into the prompts to AI tools. This comes after a thorough understanding of the tools' measures for protecting data.\"}),/*#__PURE__*/t(\"p\",{children:[\"Your company would need to identify how information confidentiality may be jeopardized in use cases like the above. This is because the information entered into some gen AI tools may be used to further train the tool and even be subject to data breaches. 
Some heavily reported incidents with ChatGPT are \",/*#__PURE__*/e(o,{href:\"https://www.theregister.com/2023/04/06/samsung_reportedly_leaked_its_own/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Samsung leaking its own secrets\"})}),\" three times; \",/*#__PURE__*/e(o,{href:\"https://securityintelligence.com/articles/chatgpt-confirms-data-breach/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"attackers accessing the chat history\"})}),\" of other users after exploiting a flaw in an open-source library; and the \",/*#__PURE__*/e(o,{href:\"https://www.bleepingcomputer.com/news/security/over-100-000-chatgpt-accounts-stolen-via-info-stealing-malware/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"stealing of over 100,000\"})}),\" user accounts.\"]}),/*#__PURE__*/e(\"p\",{children:\"Accordingly, and this should not be entirely new to your company's policies (except for the consideration of gen AI use), an obligation and a guideline to report AI-related incidents (e.g., data breaches, intellectual property infringement) should be clearly stated.\"}),/*#__PURE__*/e(\"h2\",{children:\"Require suppliers to notify and describe their gen AI usage\"}),/*#__PURE__*/t(\"p\",{children:[\"Your company must take preventive measures against supply chain attacks. We have mentioned some of the most important aspects to pay attention to following the \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/software-supply-chain-security/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"software supply chain security\"})}),\" approach. 
One of them is to verify supplier policies and procedures to see if they align with best practices and standards.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Your company's gen AI policy should state that suppliers must detail their usage of third-party gen AI as thoroughly as possible. Some key information is the kind of data they input and how they ensure that it is not used in the tool's training. Regarding standards, the policy may require supplier knowledge about and adherence to \",/*#__PURE__*/e(o,{href:\"https://www.iso.org/standard/56641.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"ISO/IEC 38507:2022\"})}),\". Further, your company may be a supplier too, and, in that case, its policy should require detailed disclosure of its own gen AI usage to projects using your company's software in their development.\"]}),/*#__PURE__*/e(\"h2\",{children:\"Describe the AI policy communication and training strategies\"}),/*#__PURE__*/e(\"p\",{children:\"Your company must make its gen AI policy accessible to all employees and communicate to them any major changes it receives. 
Regarding the policy communication strategy, the policy may include the following:\"}),/*#__PURE__*/t(\"ul\",{style:{\"--framer-text-alignment\":\"start\",\"--framer-text-color\":\"rgb(0, 0, 0)\",\"--framer-text-stroke-width\":\"0px\",\"--framer-text-transform\":\"none\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"16px\",\"--framer-text-color\":\"rgb(83, 83, 101)\"},children:/*#__PURE__*/e(\"p\",{children:\"The structure of the messages to be directed at the staff (e.g., a case with a problem, hero and moral)\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"16px\",\"--framer-text-color\":\"rgb(83, 83, 101)\"},children:/*#__PURE__*/e(\"p\",{children:\"The communication channels (e.g., email, social media) and tools (e.g., videos, infographics) to be used\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"16px\",\"--framer-text-color\":\"rgb(83, 83, 101)\"},children:/*#__PURE__*/e(\"p\",{children:\"The methods and times to monitor and evaluate communication impact such as knowledge about the policy and attitude towards it\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"16px\",\"--framer-text-color\":\"rgb(83, 83, 101)\"},children:/*#__PURE__*/e(\"p\",{children:\"The feedback channels through which information is gained to improve the policy and/or its communication strategy\"})})]}),/*#__PURE__*/e(\"p\",{children:\"Moreover, your organization needs to make sure its staff reads and acknowledges the gen AI policy and completes training on the responsible use of gen AI tools. 
Regarding the latter, the policy may include the following:\"}),/*#__PURE__*/t(\"ul\",{style:{\"--framer-text-alignment\":\"start\",\"--framer-text-color\":\"rgb(0, 0, 0)\",\"--framer-text-stroke-width\":\"0px\",\"--framer-text-transform\":\"none\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"16px\",\"--framer-text-color\":\"rgb(83, 83, 101)\"},children:/*#__PURE__*/e(\"p\",{children:\"The training formats and materials\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"16px\",\"--framer-text-color\":\"rgb(83, 83, 101)\"},children:/*#__PURE__*/e(\"p\",{children:\"The staff in charge of imparting training\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"16px\",\"--framer-text-color\":\"rgb(83, 83, 101)\"},children:/*#__PURE__*/e(\"p\",{children:\"The methods and times to monitor and evaluate knowledge about using gen AI tools responsibly\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"16px\",\"--framer-text-color\":\"rgb(83, 83, 101)\"},children:/*#__PURE__*/e(\"p\",{children:\"The feedback channels through which information is gained to improve the policy training strategy\"})})]}),/*#__PURE__*/t(\"p\",{children:[\"For a useful resource to have in your company's policy communication and training strategies, see our cheat sheet with five best practices for \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/5-best-practices-coding-with-gen-ai/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"developing securely with gen AI\"})}),\". 
And if your company allows the use of our \",/*#__PURE__*/e(o,{href:\"https://help.fluidattacks.com/portal/en/kb/articles/install-the-vs-code-extension\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"extension for the IDE\"})}),\" (integrated development environment), our documentation is a useful resource to not only learn how to use it but also \",/*#__PURE__*/e(o,{href:\"https://help.fluidattacks.com/portal/en/kb/articles/integrations-faq\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"how it handles data securely\"})}),\".\"]})]});export const richText5=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/e(\"p\",{children:\"When using generative AI to code, the best practices to follow include always reviewing the output, conducting security tests on it, avoiding feeding the tool client or sensitive corporate data, making sure you are using a tool approved by your company and taking care not to breach open-source licenses. 
Since gen AI is here to stay as a mighty ally to development projects' efficiency, it is important to check that it is implemented securely.\"}),/*#__PURE__*/e(\"img\",{alt:\"Cheat sheet: Five best practices for developing securely with gen AI\",className:\"framer-image\",height:\"639\",src:\"https://framerusercontent.com/images/0AnfIboqw9ZBaY2UDKAOwJQUA.png\",srcSet:\"https://framerusercontent.com/images/0AnfIboqw9ZBaY2UDKAOwJQUA.png?scale-down-to=512 512w,https://framerusercontent.com/images/0AnfIboqw9ZBaY2UDKAOwJQUA.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/0AnfIboqw9ZBaY2UDKAOwJQUA.png 1920w\",style:{aspectRatio:\"1920 / 1279\"},width:\"960\"})]});export const richText6=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"Review the output yourself\"}),/*#__PURE__*/t(\"p\",{children:[\"As it happens with open-source, third-party software components, AI is offering a way for software development projects to gain agility. For example, you can use GitHub Copilot to write code fast thanks to it autocompleting the intended software functions based on your prompts. GitHub research suggests that AI may give you an \",/*#__PURE__*/e(o,{href:\"https://github.blog/2022-09-07-research-quantifying-github-copilots-impact-on-developer-productivity-and-happiness/#:~:text=developers%20who%20used%20GitHub%20Copilot\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"efficiency boost of 55%\"})}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[\"Gen AI also has the capability to enable people with low technical knowledge to develop software. 
What's more, \",/*#__PURE__*/e(o,{href:\"https://www.techtarget.com/searchitoperations/news/366563975/DevSecOps-pros-prep-for-GenAI-upheavals-in-2024\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"it's been suggested\"})}),\" that AI could do the tasks of junior developers and, nonetheless, serve as a learning tool for them. Moreover, it's expected that a significant number of enterprises will likely use gen AI to unburden devs of some tasks and assign other more important projects to them.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Rest assured, gen AI is a tool to support your work. In its current state, it is not about to replace you. In fact, you should always expect that there will be flaws in AI-generated code. Reviews \",/*#__PURE__*/e(\"strong\",{children:\"must\"}),\" be performed always. Take a good look at the code, thinking about \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/secure-coding-practices/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"secure coding practices\"})}),\". When in doubt, ask knowledgeable peers to review and provide input on the AI-generated code before you commit it.\"]}),/*#__PURE__*/e(\"h2\",{children:\"Conduct security testing on AI-generated code\"}),/*#__PURE__*/t(\"p\",{children:[\"Security is a big issue of AI-generated code. Fortunately, there are tools that can help you identify its vulnerabilities. 
We have listed some that are free and open source (FOSS) in our \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/security-testing-fundamentals/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"main post about security testing\"})}),\", including \",/*#__PURE__*/e(o,{href:\"https://help.fluidattacks.com/portal/en/kb/articles/configure-the-tests-by-the-standalone-scanner\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"our own tool\"})}),\". If the application you're coding is ready to run, you can assess it with \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/product/dast/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"dynamic application security testing\"})}),\" (DAST) in addition to \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/product/sast/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"static application security testing\"})}),' (SAST). 
The former will attack your application by interacting with it \"from the outside.\"']}),/*#__PURE__*/t(\"p\",{children:[\"It also helps a lot to have \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/what-is-ethical-hacking/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"ethical hackers\"})}),\" review the code and running application, since \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/vulnerability-scan/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"vulnerability scanning\"})}),\", a completely automated process, is known to produce reports with high rates of \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/impacts-of-false-positives/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"false positives\"})}),\" and miss actual security issues. These hackers, aka security analysts, can find true vulnerabilities that, if exploited, would have a terrible impact on information availability, confidentiality and integrity.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Once you learn of the vulnerabilities, you need to \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/vulnerability-remediation-process/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"remediate them\"})}),\". Again, you may use gen AI to fix the code. 
In fact, we recently rolled out the \",/*#__PURE__*/e(o,{href:\"https://help.fluidattacks.com/portal/en/kb/articles/fix-code-automatically-with-gen-ai\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Autofix\"})}),\" function of our extension on VS Code. You can get a \",/*#__PURE__*/e(\"strong\",{children:\"suggested\"}),\" code fix with the click of a button. But even then you will have to be careful with the output, as this function leverages gen AI and can't escape its limitations. So, you should review the fix suggestion and subject it to security testing.\"]}),/*#__PURE__*/t(\"p\",{children:[\"If you're interested in a free trial of \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/solutions/application-security\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"application security testing\"})}),\" with our automated tool, click \",/*#__PURE__*/e(o,{href:\"https://app.fluidattacks.com/SignUp\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"here\"})}),\" to start.\"]}),/*#__PURE__*/e(\"h2\",{children:\"Use gen AI tools approved by your company\"}),/*#__PURE__*/t(\"p\",{children:[\"It's important that orgs identify and monitor the use of gen AI should they allow it. They will need to write up policies and company guidelines regarding the use of AI, helped by their intellectual property and legal teams. As AI can err in the same ways humans have done writing code, existing governance can serve as a foundation. 
We give advice on what to include in a \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/6-main-items-gen-ai-usage-policy/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"gen AI policy\"})}),\" in a dedicated blog post. These are some things orgs will need to do:\"]}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Establish the AI tools that they identify as secure, while being aware of the limitations of this technology.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Educate their employees on the use of gen AI technologies and policies related to it.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Establish the security testing solutions to be used to secure AI-generated code.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Monitor for any intellectual property infringement.\"})})]}),/*#__PURE__*/e(\"p\",{children:\"You will need to be aware of requirements by your supervisor or other persons in your company (e.g., leader, Head of Product, CTO, management) that they be informed that you are using gen AI tools. If you are unsure whether you are allowed to use them at all or which are the right ones, ask around.\"}),/*#__PURE__*/e(\"h2\",{children:\"Don't feed client or intellectual property information to public GPT engines\"}),/*#__PURE__*/t(\"p\",{children:[\"Don't send confidential data of your company or its clients that could be fed into a cloud that is much beyond your control. Basically, the GPT engine would train on this data and eventually suggest it to users outside your company. Moreover, devs around the world are discouraged from entering sensitive data into GPT engines, as data breaches have occurred. 
(Counting some related to ChatGPT: Samsung thrice \",/*#__PURE__*/e(o,{href:\"https://www.theregister.com/2023/04/06/samsung_reportedly_leaked_its_own/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"leaked its own secrets\"})}),\"; exploiting a flawed open-source library gave attackers \",/*#__PURE__*/e(o,{href:\"https://securityintelligence.com/articles/chatgpt-confirms-data-breach/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"access to the chat history\"})}),\" of other users; over \",/*#__PURE__*/e(o,{href:\"https://www.bleepingcomputer.com/news/security/over-100-000-chatgpt-accounts-stolen-via-info-stealing-malware/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"100,000 accounts were stolen\"})}),\" once.) So, be aware of any policy in your organization detailing how to use gen AI tools for development.\"]}),/*#__PURE__*/e(\"h2\",{children:\"Be mindful about copyright of open-source projects the AI tool trains on\"}),/*#__PURE__*/t(\"p\",{children:[\"Is there the possibility that you're copying someone else's work when using the gen AI output? 
The issues of copyright infringement (when the output copies copyrightable elements of existing software verbatim) and breaches of open-source licenses (e.g., failing to provide required notices and attribution statements) are new and to be analyzed case by case (already there is an intricate \",/*#__PURE__*/e(o,{href:\"https://www.theregister.com/2023/05/12/github_microsoft_openai_copilot/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"lawsuit against Copilot\"})}),\").\"]}),/*#__PURE__*/e(\"p\",{children:\"Granted, Copilot, for example, has trained on so many GitHub repositories that the code it suggests may not look exactly like any particular code protected by copyright or requiring credits as per its open-source license. Still, there is a risk of infringement, and it's not mitigated easily, as Copilot removes in its suggestions copyright, management and license information required by some open-source licenses.\"}),/*#__PURE__*/t(\"p\",{children:[\"What we recommend is to think whether you could get the functions you need by using open-source libraries knowingly. You can follow our advice on \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/choosing-open-source/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"choosing open-source software\"})}),\" wisely. By the way, there are tools that will help you find out if there's any trouble with the third-party code you introduce into your project. 
By conducting \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/product/sca/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"software composition analysis\"})}),\" (SCA), these tools identify components that have known vulnerabilities and pose possible license conflicts. By \",/*#__PURE__*/e(o,{href:\"https://app.fluidattacks.com/SignUp\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"trying our tool for free\"})}),\", you will get these scans as well as SAST and DAST. Start it now and don't forget to \",/*#__PURE__*/e(o,{href:\"https://help.fluidattacks.com/portal/en/kb/articles/install-the-vs-code-extension\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"download\"})}),\" our VS Code plugin to easily locate the vulnerable code and get code fix suggestions through gen AI.\"]})]});export const richText7=/*#__PURE__*/e(i.Fragment,{children:/*#__PURE__*/e(\"p\",{children:\"It's been a very productive end of year for cybercriminals targeting the Citrix Bleed vulnerability. It's quite a convenient flaw: By stealing the session cookie, gangs can gain access to systems with no need to find and steal login credentials. The latest news says that over 60 credit unions were forced offline as their one common provider was infected with ransomware. It's believed criminals leveraged Citrix Bleed to achieve this. This impactful incident reminds organizations all around the world how important it is to watch out for vulnerabilities in the technology supply chain. 
We tell you here about what's been happening recently with this security flaw, including that latest news.\"})});export const richText8=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"About Citrix Bleed\"}),/*#__PURE__*/t(\"p\",{children:[\"Citrix Bleed (i.e., \",/*#__PURE__*/e(o,{href:\"https://nvd.nist.gov/vuln/detail/CVE-2023-4966\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"CVE-2023-4966\"})}),\") is one of the recent vulnerabilities that affect Citrix's NetScaler Application Delivery Controllers (ADC) and Gateway. NetScaler is a network device that provides load balancing, firewall and VPN services to optimize the delivery of applications over the Internet. ADC refers to features for load balancing and traffic management, and Gateway, to the VPN and authentication components. \",/*#__PURE__*/e(o,{href:\"https://support.citrix.com/article/CTX579459/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20234966-and-cve20234967\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Citrix made its advisory public on October 10\"})}),\". But gangs have been exploiting the flaw since August. In a vulnerable device, they can retrieve session cookies and bypass password requirements and MFA to take over a user session and gain access to sensitive information.\"]}),/*#__PURE__*/e(\"p\",{children:\"Citrix developed patches and informed users. And so people should have the updated versions now. The implementation is ongoing, resulting in fewer devices at risk in the world, as the following chart from The ShadowServer Foundation shows. 
But even this does not stop massive hacks from happening.\"}),/*#__PURE__*/e(\"img\",{alt:\"Number of devices around the world - Citrix Bleed\",className:\"framer-image\",height:\"351\",src:\"https://framerusercontent.com/images/9n9exs8NolnNr5pgK2ELo8Vkm8.webp\",srcSet:\"https://framerusercontent.com/images/9n9exs8NolnNr5pgK2ELo8Vkm8.webp?scale-down-to=512 512w,https://framerusercontent.com/images/9n9exs8NolnNr5pgK2ELo8Vkm8.webp?scale-down-to=1024 1024w,https://framerusercontent.com/images/9n9exs8NolnNr5pgK2ELo8Vkm8.webp 1233w\",style:{aspectRatio:\"1233 / 703\"},width:\"616\"}),/*#__PURE__*/t(\"h6\",{children:[\"Number of devices with Citrix Bleed worldwide over time (source: \",/*#__PURE__*/e(o,{href:\"https://dashboard.shadowserver.org/statistics/combined/time-series/?date_range=other&d1=2023-10-11&d2=2023-12-12&source=http_vulnerable&source=http_vulnerable6&tag=cve-2023-4966%2B&group_by=geo&style=stacked\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"dashboard.shadowserver.org\"})}),\")\"]}),/*#__PURE__*/e(\"h2\",{children:\"Ransomware attacks involving Citrix Bleed\"}),/*#__PURE__*/t(\"p\",{children:[\"We had mentioned a notable breach related to the Citrix Bleed vulnerability last month \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/trend-forecast-for-2024/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"in our blog\"})}),\". It was the attack on The Boeing Distribution Inc.'s systems by the Russia-linked ransomware gang LockBit. The result was a leak of 45 GB of the firm's data. 
The gang's use of Citrix Bleed earned a joint \",/*#__PURE__*/e(o,{href:\"https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"cybersecurity advisory\"})}),\" by several U.S. agencies (among which are the CISA and the FBI) and an Australian security authority. Their advice was, of course, to update and isolate the NetScaler ADC and Gateway appliances.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Yet another giant hit by ransomware in November, possibly enabled by Citrix Bleed, was \",/*#__PURE__*/e(o,{href:\"https://therecord.media/toyota-cyberattack-financial-services-divison\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Toyota\"})}),\". This time, it was the Medusa ransomware gang who claimed responsibility for the breach. Moreover, by the end of the month the U.S. Health Sector Cybersecurity Coordination Center issued \",/*#__PURE__*/e(o,{href:\"https://therecord.media/hhs-warns-of-citrix-bleed-bug\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"a warning to hospitals and healthcare facilities\"})}),\", as the NetScaler flaw is at the center of attacks causing outages in this industry.\"]}),/*#__PURE__*/t(\"p\",{children:[\"The headlines by the start of December were marked by the \",/*#__PURE__*/e(\"strong\",{children:\"supply chain attack with ransomware\"}),\" that disrupted the operation of more than 60 credit unions in the U.S. 
The root of this incident was that criminals gained access to unpatched NetScaler servers of an information technology services provider common to those credit unions.\"]}),/*#__PURE__*/t(\"p\",{children:[\"The National Credit Union Administration (NCUA), which insures and regulates the affected financial firms, \",/*#__PURE__*/e(o,{href:\"https://www.theregister.com/2023/12/02/ransomware_infection_credit_unions/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"confirmed the intrusion\"})}),\", the number of affected orgs and the cause. The services provider is the business analytics and talent services organization Trellance Cooperative Holdings Inc, which owns two further providers, whose names are Ongoing Operations LLC and Fedcomp. And it is believed that the ransomware attack, which went down on November 26, was likely possible thanks to the Citrix Bleed flaw. The impact was an outage of credit unions across the country, depending on Trellance to resolve the issue and get them back online.\"]}),/*#__PURE__*/e(\"p\",{children:\"What was the response of the IT provider after learning about the attack? Ongoing Operations LLC says they immediately began to investigate the incident and even brought in third-party specialists who would help them determine its scope and nature. Plus, they notified federal law enforcement. They communicated all this to their customers along with the assurance that they had not found evidence that the attackers had misused the accessed information.\"}),/*#__PURE__*/t(\"p\",{children:[\"The NCUA learned fast about this incident. 
This kind of works as a reminder that the \",/*#__PURE__*/e(o,{href:\"https://ncua.gov/files/agenda-items/cyber-incident-notification-requirements-final-rule-20230216.pdf\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"NCUA requires since September 1\"})}),\" that federally insured credit unions report such events no later than 72 hours after learning of them. This is while CISA publishes their final rule with the Cyber Incident Reporting Act’s requirements, for which the agency has a deadline in 2025. The Act also states the limit for notifying CISA would be 72 hours. Accordingly, the NCUA, \",/*#__PURE__*/e(o,{href:\"https://www.theregister.com/2023/12/02/ransomware_infection_credit_unions/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"reportedly\"})}),\", informed the Department of the Treasury, CISA and the FBI about the event.\"]}),/*#__PURE__*/t(\"p\",{children:[\"The stunts of ransomware gangs leveraging Citrix Bleed don't end here. Cybersecurity researcher \",/*#__PURE__*/e(o,{href:\"https://doublepulsar.com/what-it-means-citrixbleed-ransom-group-woes-grow-as-over-60-credit-unions-hospitals-47766a091d4f\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Kevin Beaumont has posted\"})}),\" that HTC Global Services had not updated their NetScaler by the end of November and are now being held to extortion by the AlphV ransomware group. On their ransomware portal, they display stolen documents that are branded Caretech, a division of the managed service provider for the U.S. healthcare sector. And yet another victim of AlphV was Fidelity National Financial, which had patched NetScaler late. Without a doubt, Citrix Bleed needs to be dealt with now. 
That is: Organizations need to patch now!\"]}),/*#__PURE__*/e(\"h2\",{children:\"Secure your supply chain\"}),/*#__PURE__*/t(\"p\",{children:[\"Spotting the risk of supply chain attacks is hard for organizations, as they are often unaware of the software they use. Taking preventive measures is the way to go. Finding out whether there's vulnerable software in use and how to solve that must be among everyone's top concerns right now. Furthermore, we advise, as always, that impacted companies \",/*#__PURE__*/e(\"strong\",{children:\"never pay the ransom\"}),\". One, they can't know for sure that the gang will keep their promises. And two, they would perpetuate the attacks. Instead, victims need to be thorough in their investigations and transparent and open when talking about the incidents.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Product developers: You have a big responsibility in your hands. The reason supply chain attacks happen in the first place is security holes in software. Secure it now. Scan it for vulnerabilities, test it in attack simulations and fix security problems as soon as possible, all of this \",/*#__PURE__*/e(\"strong\",{children:\"constantly\"}),\". Do not hesitate to ask us about our \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/services/continuous-hacking/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Continuous Hacking\"})}),\" solution. 
You can just \",/*#__PURE__*/e(o,{href:\"https://app.fluidattacks.com/SignUp\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"try it for free for 21 days\"})}),\" and see for yourself how the overwhelming task of managing vulnerabilities turns into something you can have under control.\"]})]});export const richText9=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"IoT devices cybersecurity needs to be better\"}),/*#__PURE__*/t(\"p\",{children:[\"The number of Internet of things (IoT) devices in the world is big and on the rise. By July 2023, it was \",/*#__PURE__*/e(o,{href:\"https://www.statista.com/statistics/1183457/iot-connected-devices-worldwide/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"15.14 billion\"})}),\". And it is estimated that, by the start of the new decade, they will be about 29.42 billion. Basically, their amount seems to almost double every five years. Right now, large corporate networks \",/*#__PURE__*/e(o,{href:\"https://technologymagazine.com/articles/cybersecurity-no-longer-one-size-fits-all-in-an-iot-world\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"may have millions\"})}),\" of such smart devices connected to them. That could be up to 30% of all the connected devices.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Organizations \",/*#__PURE__*/e(o,{href:\"https://www.techtarget.com/iotagenda/tip/Top-8-IoT-applications-and-examples-in-business\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"use IoT devices\"})}),\" for several reasons. 
Some, such as those in the healthcare sector, find them useful for tracking equipment and tools remotely via sensors or offering remote support to practitioners in augmented reality. Others, like those in the retail sector, may use IoT devices to boost the efficiency of their logistics (e.g., monitoring that inventory is where the inventory system claims it should be).\"]}),/*#__PURE__*/t(\"p\",{children:[\"IoT devices are, however, known to be insecure, as they generally come with \",/*#__PURE__*/e(o,{href:\"https://medium.com/@OSableProject/dont-just-leave-them-change-them-iot-default-passwords-an-osable-guide-b42a1d1ccfda\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"default\"})}),\", guessable usernames and/or passwords, use outdated software components, do not encrypt data, and do not get regular software updates, or \",/*#__PURE__*/e(o,{href:\"https://onomondo.com/blog/iot-device-update-tips/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"these are not always successful\"})}),\". Possibly a part of the fault lies in manufacturers' eagerness to deploy their devices massively and quickly, which outweighs any importance given to security tests during development. Another contributing factor may be the lack of strict government regulations on the cybersecurity of such devices.\"]}),/*#__PURE__*/t(\"p\",{children:[\"The fact is that the lack of compliance with security requirements in IoT devices represents an important risk. 
By the start of 2023, organizations globally received a mean of \",/*#__PURE__*/e(o,{href:\"https://blog.checkpoint.com/security/the-tipping-point-exploring-the-surge-in-iot-cyberattacks-plaguing-the-education-sector/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"59.7 attack attempts weekly\"})}),\" targeting those devices. Insecure gadgets, making up a big chunk of the organizations' attack surfaces, are then the focus of a lot of activity by malicious hackers. Indeed, e.g., highly skilled groups of cybercriminals who have enough resources to attack their targets repeatedly, aka advanced persistent threats (APTs), \",/*#__PURE__*/e(o,{href:\"https://securelist.com/kaspersky-security-bulletin-apt-predictions-2024/111048/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"are leveraging zero-day security vulnerabilities\"})}),\" in smart home cameras, connected car systems, wearable devices, etc., to do surveillance and carry out espionage campaigns.\"]}),/*#__PURE__*/e(\"h2\",{children:\"Cybersecurity labeling program in the United States\"}),/*#__PURE__*/t(\"p\",{children:[\"The above has motivated nations to include in their cybersecurity strategies an item regarding actions to increase cybersecurity on smart devices to protect consumers. Accordingly, in the U.S., the White House and the Federal Communications Commission (FCC) created a program, named \",/*#__PURE__*/e(o,{href:\"https://www.whitehouse.gov/briefing-room/statements-releases/2023/07/18/biden-harris-administration-announces-cybersecurity-labeling-program-for-smart-devices-to-protect-american-consumers/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"U.S. 
Cyber Trust Mark\"})}),\", that aims to certify and label Internet-enabled devices as secure and will possibly be ready to start in late 2024.\"]}),/*#__PURE__*/t(\"p\",{children:[\"The program is part of the \",/*#__PURE__*/e(o,{href:\"https://www.whitehouse.gov/wp-content/uploads/2023/07/National-Cybersecurity-Strategy-Implementation-Plan-WH.gov_.pdf\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"United States National Cybersecurity Strategy Implementation\"})}),\". It is in the process of establishing guidelines for manufacturers to follow voluntarily in the products they develop and deploy. These products include smart televisions, microwaves, refrigerators, fitness trackers, climate control systems, and more. The guidelines shall be based on \",/*#__PURE__*/e(o,{href:\"https://doi.org/10.6028/NIST.CSWP.02042022-2\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"recommended cybersecurity criteria\"})}),' published by National Institute of Standards and Technology (NIST). Further, the program proposes that complying products get a cybersecurity label \"in the form of a distinct shield logo\" (',/*#__PURE__*/e(o,{href:\"https://www.fcc.gov/cybersecurity-certification-mark\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"see here the proposed logo\"})}),\"). This label would help consumers easily choose smart devices that may be less vulnerable to cyberattacks than those without the label. 
And to \",/*#__PURE__*/e(\"strong\",{children:\"help choice\"}),\" even more, and also \",/*#__PURE__*/e(\"strong\",{children:\"promote transparency and competition\"}),\", the FCC plans to use a QR code that consumers can scan to access a national registry listing the products with their security information, which can then be used by the consumer to establish comparisons.\"]}),/*#__PURE__*/e(\"p\",{children:\"Although NIST is still working to define the requirements for consumer-grade routers, and other agencies are undertaking research to develop requirements for other smart devices, we can still summarize, in our own words, the recommended criteria that NIST has already made public.\"}),/*#__PURE__*/t(\"p\",{children:['The source we refer to is the white paper from February 4, 2022, titled \"',/*#__PURE__*/e(o,{href:\"https://doi.org/10.6028/NIST.CSWP.02042022-2\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Recommended Criteria for Cybersecurity Labeling for Consumer Internet of Things (IoT) Products\"})}),\".\\\" It is a response to the Executive Order 14028, \\\"Improving the Nation's Cybersecurity,\\\" which tasks NIST with, among other things, formulating cybersecurity criteria and labeling approaches for IoT. Most of this agency's criteria can be satisfied by the IoT product's software and/or hardware, and some apply to the developer. 
We present them briefly as follows:\"]}),/*#__PURE__*/t(\"ul\",{style:{\"--framer-text-alignment\":\"start\",\"--framer-text-color\":\"rgb(0, 0, 0)\",\"--framer-text-stroke-width\":\"0px\",\"--framer-text-transform\":\"none\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"16px\",\"--framer-text-color\":\"rgb(83, 83, 101)\"},children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Asset identification:\"}),\" The product has a unique identifier and inventories all of its connected components.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"16px\",\"--framer-text-color\":\"rgb(83, 83, 101)\"},children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Product configuration:\"}),\" The product's default setting is secure, and authorized users, services or components can change settings and also revert them to default.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"16px\",\"--framer-text-color\":\"rgb(83, 83, 101)\"},children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Data protection:\"}),\" The product and its components protect the data they store and transmit from unauthorized access, disclosure and modification.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"16px\",\"--framer-text-color\":\"rgb(83, 83, 101)\"},children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Interface access control:\"}),\" The product and its components restrict logical access to local and network interfaces to only the authorized users, services or components.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"16px\",\"--framer-text-color\":\"rgb(83, 83, 101)\"},children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Software update:\"}),\" There is a secure and configurable 
mechanism to update the software of the product's components (even non-executable software data).\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"16px\",\"--framer-text-color\":\"rgb(83, 83, 101)\"},children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Cybersecurity state awareness:\"}),\" The product detects cybersecurity incidents affecting or effected by its components and the data they store and transmit.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"16px\",\"--framer-text-color\":\"rgb(83, 83, 101)\"},children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Documentation:\"}),\" The developer creates exhaustive documentation on the product that consumers can read before purchase and mentions information such as the product's intended use, compliance and noncompliance with requirements, components, security tests passed, as well as the vendor's methods of receiving reports of vulnerabilities, processes for recording reported vulnerabilities, policy for responding to such reports, policy for disclosing verified vulnerabilities, and processes for receiving news from component suppliers about changes in the latter's products.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"16px\",\"--framer-text-color\":\"rgb(83, 83, 101)\"},children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Information and query reception:\"}),\" The developer receives information relevant to the cybersecurity of the product and responds to queries about it.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"16px\",\"--framer-text-color\":\"rgb(83, 83, 101)\"},children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Information dissemination:\"}),\" The developer discloses through a channel information and events throughout the product's support 
lifecycle, including updates to terms of support, needed maintenance, new vulnerabilities, data breaches, as well as other cybersecurity relevant information, like steps for vulnerability remediation and the developer's security practices and certifications related to such practices.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"16px\",\"--framer-text-color\":\"rgb(83, 83, 101)\"},children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Product education and awareness:\"}),\" The developer educates users and creates awareness on the product's cybersecurity related information, such as that regarding configuration and patch management to mitigate risks.\"]})})]}),/*#__PURE__*/t(\"p\",{children:[\"This sounds like it's going to be a gigantic step for IoT devices cybersecurity. Remarkably, the \",/*#__PURE__*/e(o,{href:\"https://www.whitehouse.gov/briefing-room/statements-releases/2023/07/18/biden-harris-administration-announces-cybersecurity-labeling-program-for-smart-devices-to-protect-american-consumers/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"White House's statement\"})}),\" about the program mentions the manufacturers and retailers that have announced their support and commitment to the program, and these include big names. 
These are the participants mentioned: Amazon, Best Buy, Carnegie Mellon University, Cisco Systems, Connectivity Standards Alliance, Consumer Reports, Consumer Technology Association, CyLab, Google, Infineon, the Information Technology Industry Council, IoXT, KeySight, LG Electronics U.S.A., Logitech, OpenPolicy, Qorvo, Qualcomm, Samsung Electronics, UL Solutions, Yale and August U.S.\"]}),/*#__PURE__*/e(\"h2\",{children:\"Cybersecurity labeling programs already running in Europe\"}),/*#__PURE__*/t(\"p\",{children:[\"By the way, other nations have already introduced their own labeling programs. \",/*#__PURE__*/e(o,{href:\"https://www.traficom.fi/en/news/finland-becomes-first-european-country-certify-safe-smart-devices-new-cybersecurity-label\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Finland was the pioneer\"})}),\" and then Germany followed. And this is crucial, since Europe has been reported as the region whose IoT devices have been \",/*#__PURE__*/e(o,{href:\"https://blog.checkpoint.com/security/the-tipping-point-exploring-the-surge-in-iot-cyberattacks-plaguing-the-education-sector/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"targeted the most in early 2023\"})}),\" (about 70 attacks per organization every week). Let's take Germany's case of cybersecurity labeling as an example. 
The country's Federal Office for Information Security (BSI in German) started the program \",/*#__PURE__*/e(o,{href:\"https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse2021/211208_IT-SiK_Antragsverfahren-startet.html?nn=1069038\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"by the end of 2021\"})}),\" with routers and email services and now also validates and labels IoT devices (e.g., Xiaomi's \",/*#__PURE__*/e(o,{href:\"https://www.bsi.bund.de/SiteGlobals/Forms/IT-Sicherheitskennzeichen/IT-Sicherheitskennzeichen_Formular.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"smart cameras and vacuums\"})}),\"). The developers who want to participate voluntarily need to comply with the BSI's criteria. These are based on the European standard \\\"\",/*#__PURE__*/e(o,{href:\"https://www.etsi.org/deliver/etsi_en/303600_303699/303645/02.01.01_60/en_303645v020101p.pdf\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Cyber Security for Consumer Internet of Things: Baseline Requirements\"})}),\"\\\" (the same source for Finland's program), which is a 2020 document whose provisions have lots in common with those we described above, published by NIST years later. 
If the product earns the label with the BSI, \",/*#__PURE__*/e(o,{href:\"https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/IT-Sicherheitskennzeichen/fuer-Hersteller/FAQ-IT-SiK-fuer-hersteller_node.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"valid for at least two years\"})}),\", it will be visible for consumers, who will access the security information by entering the URL in the label or scanning the added QR code. Just in November this year the BSI launched a nationwide advertising campaign for consumers to be aware of the label.\"]}),/*#__PURE__*/t(\"p\",{children:[\"This effort in Europe is significant and can prepare developers for what's looming over them: The European Union's \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/cyber-resilience-act/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Cyber Resilience Act\"})}),\" (CRA) is expected to take effect next year. All digital products destined for the European market will need to comply with cybersecurity requirements throughout their lifecycles. Fines for infringement, which includes acts like deception and noncompliance, will go from about €5M to €15M (we expand on this regulation in our dedicated blog post).\"]}),/*#__PURE__*/e(\"h2\",{children:\"IoT is just the beginning\"}),/*#__PURE__*/t(\"p\",{children:[\"While in the U.S. the labeling program will start with IoT, we see that in Germany their own has been addressing other software products as well. The U.S. 
may follow these steps soon, though, since \",/*#__PURE__*/e(o,{href:\"https://www.nist.gov/itl/executive-order-14028-improving-nations-cybersecurity/cybersecurity-labeling-consumers-0\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"NIST has also the task\"})}),' to identify \"secure software development practices or criteria for a consumer software labeling program.\" ',/*#__PURE__*/e(o,{href:\"https://doi.org/10.6028/NIST.CSWP.02042022-1\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Their public 2022 white paper\"})}),\" already mentions technical criteria as claims that developers can make about their product. In a nutshell, a group of the criteria reads that the vendor adheres to accepted secure software development practices throughout the software development lifecycle (SDLC).\"]}),/*#__PURE__*/t(\"p\",{children:[\"How about being ahead of the curve by securing your software now? In our \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/services/continuous-hacking/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Continuous Hacking\"})}),\" solution, we use several security testing techniques by default to verify your application's compliance with several secure development guidelines and cybersecurity standards. You can see all results when you log in on our platform and swiftly manage all vulnerabilities throughout the SDLC. As we provide you with fix recommendations through several options (including AI-generated, step-by-step guidance, and, in our flagship plan, advice from our pentesters), you can take action fast to fulfill the security requirements needed. 
\",/*#__PURE__*/e(o,{href:\"https://app.fluidattacks.com/SignUp\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Start your free trial now\"})}),\".\"]})]});export const richText10=/*#__PURE__*/e(i.Fragment,{children:/*#__PURE__*/t(\"p\",{children:[\"As is our custom, we would like to open by referring to the global cost of cybercrime expected for next year. Cybersecurity Ventures' estimate for 2024 is \",/*#__PURE__*/e(o,{href:\"https://cybersecurityventures.com/cybercrime-to-cost-the-world-9-trillion-annually-in-2024/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"$9.5 trillion\"})}),\". Reasons for the rise in cost include the expansion of the attack surface, the constant evolution of ransomware, the increase of cryptocurrency-related scams and the emergence of further geopolitical tensions. Considering the breakdown of this record figure, we will spend this New Year's knowing that, each second, organizations worldwide are losing $302,000 to cybercriminals. Accordingly, the cybersecurity market will continue to grow. \",/*#__PURE__*/e(o,{href:\"https://www.gartner.com/en/newsroom/press-releases/2023-09-28-gartner-forecasts-global-security-and-risk-management-spending-to-grow-14-percent-in-2024\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Gartner\"})}),\" forecasts companies worldwide will spend a total of $215 billion in security and risk management in 2024. 
Of course, it helps to be aware of the \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/cybersecurity-trends-2023/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"current trends\"})}),\" and prepare for the trends to come. In this blog post, we present our brief forecast for 2024.\"]})});export const richText11=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"Threat landscape forecast for 2024\"}),/*#__PURE__*/e(\"h3\",{children:\"Cyberattacks enhanced by AI\"}),/*#__PURE__*/t(\"p\",{children:[\"We had mentioned as a \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/cybersecurity-trends-2023/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"2023 trend\"})}),' the way that generative artificial intelligence (gen AI) is helping criminals create more convincing phishing messages. Well, this trend is expected to grow even stronger in 2024. It is very likely that the material used by cybercriminals, including voice and video, will appear more legit. What\\'s more, gen AI \"as a service\" will probably rise. That is, there will be a market for gen AI tools in underground forums, so that criminals can buy their use to carry out their campaigns.']}),/*#__PURE__*/e(\"h3\",{children:\"Advanced persistent threats targeting the supply chain and more\"}),/*#__PURE__*/t(\"p\",{children:[\"We're anticipating advanced persistent threats (APTs) to be at the center of cybercriminal activities next year. (If you're unfamiliar with the term, it denotes adversaries with lots of expertise and resources and who can therefore repeatedly and adaptively create opportunities to achieve their objectives over an extended period of time.) 
\",/*#__PURE__*/e(o,{href:\"https://securelist.com/kaspersky-security-bulletin-apt-predictions-2024/111048/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Kaspersky\"})}),\", who have documented APTs' interest in smart devices, predict that the criminals will leverage systems of home cameras and cars with vulnerabilities or misconfigured or outdated software to expand their malicious surveillance. As the firm has seen APTs' successful use of very silent exploit delivery methods it expects these adversaries to keep that practice: sending exploits through messaging apps which are activated without user interaction, sending links that trigger attacks upon being opened and hacking Wi-Fi networks. Apart from smart devices, threat actors may turn their attention to the exploitation of managed file transfer systems, since, as was evidenced with the consequences of the \",/*#__PURE__*/e(o,{href:\"https://www.emsisoft.com/en/blog/44123/unpacking-the-moveit-breach-statistics-and-analysis/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"exploitation of MOVEit\"})}),\", the impacts would be compromising thousands of organizations.\"]}),/*#__PURE__*/t(\"p\",{children:[\"We have referred to cyberwar as one \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/cybersecurity-trends-2023/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"2023 trend\"})}),\". As conflicts around the world keep emerging, so will the activity of state-sponsored threats grow in cyberspace. This possibility should urge nations to strengthen their protection of critical infrastructure systems, as well as those of government and defense sectors. 
Moreover, hacktivist activity, which mostly involves distributed denial-of-service (DDoS) attacks, website defacement and unauthorized access to data, is expected to persist.\"]}),/*#__PURE__*/e(\"p\",{children:\"Yet another trend mentioned by Kaspersky that we also anticipate is APTs leveraging vulnerabilities in open-source software. One notable modus operandi of theirs that may become trendy is purchasing supply chain attacks as a service. That is, they may buy access packages on the market that target various software vendors and IT service suppliers, so that they can rapidly launch large-scale attacks. A quite different clientele (e.g., ill-intentioned and not too technically skilled people) will probably find many more hacker-for-hire groups on the market next year than today.\"}),/*#__PURE__*/e(\"h3\",{children:\"Ransomware\"}),/*#__PURE__*/t(\"p\",{children:[\"Ransomware activity has declined a little toward the end of this year, given the dismantling of the \",/*#__PURE__*/e(o,{href:\"https://www.secureworld.io/industry-news/authorities-take-down-ragnar-locker\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Ragnar Locker\"})}),\" gang and the \",/*#__PURE__*/e(o,{href:\"https://therecord.media/qakbot-cybercrime-botnet-takedown-fbi\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Qakbot botnet\"})}),\" prior to that. 
Anyway, what usually happens is that the individuals who had worked in dismantled gangs and botnets find their way back to the stage.\"]}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(o,{href:\"https://therecord.media/ransomware-tracker-the-latest-figures\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"LockBit\"})}),\", who have been the most active actor for quite a while, and other gangs keep the threat of ransomware very much alive. A recent stunt by LockBit was to leverage a \",/*#__PURE__*/e(o,{href:\"https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"widely exploited vulnerability\"})}),\" to bypass password requirements and multifactor authentication in The Boeing Distribution Inc.'s systems. After receiving no ransom payment, the gang published \",/*#__PURE__*/e(o,{href:\"https://www.itbrew.com/stories/2023/11/17/after-boeing-declines-to-pay-up-ransomware-group-leaks-45-gb-of-data\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"45 GB of Boeing’s data\"})}),\". 
It won't be a surprise, then, to see a continuation of the exploitation of zero-day vulnerabilities by ransomware gangs and affiliates to deliver their malware.\"]}),/*#__PURE__*/t(\"p\",{children:[\"As gangs keep demanding costly ransom sums, it's predicted that the victims of their attacks will have lost around \",/*#__PURE__*/e(o,{href:\"https://cybersecurityventures.com/global-ransomware-damage-costs-predicted-to-reach-250-billion-usd-by-2031/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"$265 billion annually\"})}),\" by 2031, and every two seconds there will be a ransomware attack.\"]}),/*#__PURE__*/e(\"h2\",{children:\"Trend forecast for the cybersecurity industry\"}),/*#__PURE__*/e(\"h3\",{children:\"AI for cybersecurity\"}),/*#__PURE__*/t(\"p\",{children:[\"Regarding the use of artificial intelligence in the cybersecurity industry, we expect to see next year the \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/cybersecurity-trends-2023/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"continuation of the trend\"})}),\" of using AI for the remediation of vulnerabilities in software products. That is, to help devs achieve faster fix times, security testing solutions will continue to offer AI-generated fixes.\"]}),/*#__PURE__*/t(\"p\",{children:[\"As for promoting a more secure cyberspace that can still embrace AI, some regulations on its use are going to be in place in the following years. 
An example is the use of the \",/*#__PURE__*/e(o,{href:\"https://bidenwhitehouse.archives.gov/ostp/ai-bill-of-rights/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Blueprint for an AI Bill of Rights\"})}),\" framework to guide organizations' policies, practices and design to protect the American public. Basically, they should follow five principles, which we could summarize as follows:\"]}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Design and test automated systems thoughtfully, so that they are safe to use and effective.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Take measures to prevent algorithmic discrimination.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Include data privacy protections by default.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Give notice to users that automated systems are in use and explain the role of automation in determining system outcomes.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Where appropriate, provide human alternatives that users can turn to if the automated system fails or if the users want to contest its impacts on them.\"})})]}),/*#__PURE__*/e(\"h3\",{children:\"SEC rules and greater liability of CISOs\"}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/sec-new-regulations/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"We had talked last year\"})}),\" about the coming of new rules by the U.S. Securities and Exchange Commission (SEC). 
On December 18, 2023, the SEC rules will start to take effect. In our words, they require publicly traded companies to do the following:\"]}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Disclose cybersecurity incidents within four days with details on their nature, scope and timing and material, or likely material, impact on the company.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Describe their strategies for cybersecurity risk detection and management and the material, or likely material, effects of risks from threats and previous incidents.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Describe management's cybersecurity expertise in assessing and managing material risks from cybersecurity threats, as well as the oversight role of their board of directors.\"})})]}),/*#__PURE__*/t(\"p\",{children:[\"We expect these new rules to shape how companies see cybersecurity and react to cyber incidents. As a matter of fact, some recent events have already shown what awaits those who fail to comply. We are talking about the SEC filing charges against \",/*#__PURE__*/e(o,{href:\"https://www.securityweek.com/sec-charges-solarwinds-and-its-ciso-with-fraud-and-cybersecurity-failures/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"SolarWinds and its chief information security officer\"})}),\", and the prior sentencing of \",/*#__PURE__*/e(o,{href:\"https://www.justice.gov/usao-ndca/pr/former-chief-security-officer-uber-sentenced-three-years-probation-covering-data\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Uber's chief security officer\"})}),\" to three years' probation. 
Both cases underline the adverse effects of lying about the companies' state of cybersecurity.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Naturally, this state of affairs, in which security leaders face legal liability in the aftermath of cybersecurity incidents, is creating and will keep creating a sense of urgency to disclose events and a higher level of commitment to cybersecurity. It has been advised that the C-suite and cybersecurity team work harder to \",/*#__PURE__*/e(o,{href:\"https://www.csoonline.com/article/653983/companies-are-already-feeling-the-pressure-from-upcoming-us-sec-cyber-rules.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"speak the same language\"})}),\", i.e., be actively involved in complying with the SEC rules. Further, the cybersecurity team should have a deeper relationship \",/*#__PURE__*/e(o,{href:\"https://www.securityweek.com/industry-reactions-to-sec-charging-solarwinds-and-its-ciso-feedback-friday/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"with the legal team\"})}),\" to work together in managing corporate risk, compliance and regulatory functions.\"]}),/*#__PURE__*/e(\"h3\",{children:\"Software supply chain security\"}),/*#__PURE__*/t(\"p\",{children:[\"We had mentioned \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/software-supply-chain-security/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"software supply chain security\"})}),\" (SSCS) as a \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/cybersecurity-trends-2023/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"2023 trend\"})}),\". 
This one is not going away any time soon, as supply chain attacks keep being successful and more costly than attacks of other kinds. No organization should turn a deaf ear to this threat. \",/*#__PURE__*/e(o,{href:\"https://www.gartner.com/en/newsroom/press-releases/2022-03-07-gartner-identifies-top-security-and-risk-management-trends-for-2022\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Gartner's prediction\"})}),\" has been that by 2025 almost half of organizations worldwide will have suffered the consequences of such attacks.\"]}),/*#__PURE__*/e(\"p\",{children:\"Again, we mention that the SSCS approach means to go beyond generating SBOMs and performing SCA scans. Thoroughly securing the supply chains will need to involve verifying the provenance of software components and assessing the security policies of suppliers and how well they comply with industry standards, among other secure development practices.\"}),/*#__PURE__*/e(\"h3\",{children:\"Cybersecurity labeling for consumers\"}),/*#__PURE__*/t(\"p\",{children:[\"2024 is the launch year of the \",/*#__PURE__*/e(o,{href:\"https://www.whitehouse.gov/briefing-room/statements-releases/2023/07/18/biden-harris-administration-announces-cybersecurity-labeling-program-for-smart-devices-to-protect-american-consumers/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"U.S. Cyber Trust Mark program\"})}),\". It is the creation of the White House and the U.S. Federal Communications Commission (FCC) that will certify and label Internet-enabled devices as secure. 
This is an important step to help reduce the cybersecurity risks caused by Internet of things (IoT) devices, which are the ones targeted by this program and are estimated to be around \",/*#__PURE__*/e(o,{href:\"https://docs.fcc.gov/public/attachments/DOC-395909A1.pdf\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"25 billion\"})}),\" by the start of the new decade.\"]}),/*#__PURE__*/t(\"p\",{children:[\"The program's guidelines include providing regular software updates, implementing strong and unique default passwords, protecting data and having incident detection capabilities. Seeing the earned digital label in a device would help consumer choice, ideally with them favoring those products that are safer and less vulnerable to attacks. It's noteworthy that big manufacturers and retailers will be supporting and committing to the program. They include, according to the White House, \\\"Amazon, Best Buy, Google, LG Electronics U.S.A., Logitech, and Samsung Electronics.\\\" This trend will hopefully protect consumers from suffering the consequences of the campaigns by APTs on smart devices, which we referred to above. We provide more information about this trend in a \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/cybersecurity-labeling-for-iot/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"dedicated blog post\"})}),\".\"]}),/*#__PURE__*/e(\"h2\",{children:\"Prepare for trends securing your software\"}),/*#__PURE__*/t(\"p\",{children:[\"You can see that it's going to be a risky business to go into 2024 without securing your software. At Fluid Attacks, we are aware of the trends to come and prepare for them, developing our own security testing software in accordance with them and growing our team of pentesters. 
We assess our clients' software continuously and contribute to their remediation of security issues both through AI-generated guides and our pentesters' advice. Don't put it off any longer: Start a \",/*#__PURE__*/e(o,{href:\"https://app.fluidattacks.com/SignUp\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"free trial\"})}),\" of our automated security testing now. Upgrade at any time of the trial to include assessments by our \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/products/ptaas\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"pentesters\"})}),\".\"]})]});export const richText12=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/e(\"p\",{children:\"Switching from blind SSRF to local file read. Have you ever thought about it? Browsing the Internet, I found a third-party library called Intervention Image. It is a PHP image management and manipulation library that provides a simple interface for loading, storing and editing images.\"}),/*#__PURE__*/e(\"p\",{children:'The disturbing thing is that, while reading about this library, I noticed that it was referred to as \"vulnerable by default.\" To understand it better, I wanted to exploit it, and what better way than in the real world?'})]});export const richText13=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"Vulnerability\"}),/*#__PURE__*/t(\"p\",{children:[\"I searched on GitHub which sites used Intervention Image. I then found a repository that had a lot of interaction and good stars, so I decided to work with that one. 
The repository in question is \",/*#__PURE__*/e(o,{href:\"https://github.com/BookStackApp/BookStack/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"BookStack\"})}),\". The vulnerability I’ll demonstrate is in version 23.10.2.\"]}),/*#__PURE__*/e(\"p\",{children:\"I will now show you the exploitation path from the source to the sink. This way you will understand the unexpected payload we will use to exploit this vulnerability.\"}),/*#__PURE__*/e(\"h3\",{children:\"From source to sink\"}),/*#__PURE__*/e(\"p\",{children:\"On an account with writer permissions, you can create books and, within them, fill your pages. Such pages accept Markdown and HTML code. I show that process in this video:\"}),/*#__PURE__*/e(\"video\",{autoPlay:!0,className:\"framer-image\",loop:!0,muted:!0,playsInline:!0,src:\"https://framerusercontent.com/assets/ulgbx3PGxQ9C29dShrNLuPhPKMo.mp4\"}),/*#__PURE__*/e(\"p\",{children:\"This is what that request looks like:\"}),/*#__PURE__*/e(\"img\",{alt:\"BookStack request\",className:\"framer-image\",height:\"516\",src:\"https://framerusercontent.com/images/jlbK1jXlAKwMSbncpmjSpj2xGqo.webp\",srcSet:\"https://framerusercontent.com/images/jlbK1jXlAKwMSbncpmjSpj2xGqo.webp?scale-down-to=512 512w,https://framerusercontent.com/images/jlbK1jXlAKwMSbncpmjSpj2xGqo.webp?scale-down-to=1024 1024w,https://framerusercontent.com/images/jlbK1jXlAKwMSbncpmjSpj2xGqo.webp?scale-down-to=2048 2048w,https://framerusercontent.com/images/jlbK1jXlAKwMSbncpmjSpj2xGqo.webp 3022w\",style:{aspectRatio:\"3022 / 1032\"},width:\"1511\"}),/*#__PURE__*/e(\"p\",{children:\"When we upload HTML (in this case) through a page, that HTML is handled 
here:\"}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(r,{...t,code:\"class PageContent\\n{\\n    [...]\\n\\n    public function setNewHTML(string $html): void\\n    {\\n        $html = $this->extractBase64ImagesFromHtml($html); // HERE\\n        $this->page->html = $this->formatHtml($html);\\n        $this->page->text = $this->toPlainText();\\n        $this->page->markdown = '';\\n    }\\n\\n    protected function extractBase64ImagesFromHtml(string $htmlText): string\\n    {\\n        [...]\\n\\n        $doc = $this->loadDocumentFromHtml($htmlText);\\n\\n        [...]\\n        $xPath = new DOMXPath($doc);\\n\\n        // Get all img elements with image data blobs\\n        $imageNodes = $xPath->query('//img[contains(@src, \\\\'data:image\\\\')]');\\n        foreach ($imageNodes as $imageNode) {\\n            $imageSrc = $imageNode->getAttribute('src');\\n            $newUrl = $this->base64ImageUriToUploadedImageUrl($imageSrc);  // HERE\\n            $imageNode->setAttribute('src', $newUrl);\\n        }\\n\\n        [...]\\n    }\\n\\n    protected function base64ImageUriToUploadedImageUrl(string $uri): string\\n    {\\n        $imageRepo = app()->make(ImageRepo::class);\\n        $imageInfo = $this->parseBase64ImageUri($uri); // Decode Image Data\\n\\n        [...]\\n\\n        try {\\n            $image = $imageRepo->saveNewFromData($imageName, $imageInfo['data'], 'gallery', $this->page->id); // HERE\\n        } catch (ImageUploadException $exception) {\\n            return '';\\n        }\\n\\n        return $image->url;\\n    }\\n\\n    protected function parseBase64ImageUri(string $uri): array\\n    {\\n        [$dataDefinition, $base64ImageData] = explode(',', $uri, 2);\\n        $extension = strtolower(preg_split('/[\\\\/;]/', $dataDefinition)[1] ?? 
'');\\n\\n        return [\\n            'extension' => $extension,\\n            'data'      => base64_decode($base64ImageData) ?: '',\\n        ];\\n    }\\n}\",language:\"PHP\"})})}),/*#__PURE__*/t(\"p\",{children:[\"In the previous fragment, we see the methods involved in handling the HTML that we send to the application through a page of a book. Of all these methods, there is one that is of special interest, which is \",/*#__PURE__*/e(\"code\",{children:\"saveNewFromData\"}),\". Let's look at it:\"]}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(r,{...t,code:\"{\\n        public function saveNewFromData(string $imageName, string $imageData, string $type, int $uploadedTo = 0): Image\\n        {\\n                $image = $this->imageService->saveNew($imageName, $imageData, $type, $uploadedTo);\\n                $this->imageResizer->loadGalleryThumbnailsForImage($image, true); // HERE\\n\\n                return $image;\\n        }\\n}\",language:\"PHP\"})})}),/*#__PURE__*/t(\"p\",{children:[\"From this code fragment, we are only interested in \",/*#__PURE__*/e(\"code\",{children:\"loadGalleryThumbnailsForImage\"}),\". 
Let's examine it now:\"]}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(r,{...t,code:\"class ImageResizer\\n{\\n\\n    public function __construct(\\n        protected ImageManager $intervention, // Intervention HERE\\n        protected ImageStorage $storage,\\n    ) {}\\n\\n    public function loadGalleryThumbnailsForImage(Image $image, bool $shouldCreate): void\\n    {\\n        $thumbs = ['gallery' => null, 'display' => null];\\n\\n        try {\\n            $thumbs['gallery'] = $this->resizeToThumbnailUrl($image, 150, 150, false, $shouldCreate);\\n            $thumbs['display'] = $this->resizeToThumbnailUrl($image, 1680, null, true, $shouldCreate);\\n        } catch (Exception $exception) {\\n            // Prevent thumbnail errors from stopping execution\\n        }\\n\\n        $image->setAttribute('thumbs', $thumbs);\\n    }\\n\\n    public function resizeToThumbnailUrl(\\n        Image $image,\\n        ?int $width,\\n        ?int $height,\\n        bool $keepRatio = false,\\n        bool $shouldCreate = false\\n    ): ?string {\\n\\n        [...]\\n\\n        // If not in cache and thumbnail does not exist, generate thumb and cache path\\n        $thumbData = $this->resizeImageData($imageData, $width, $height, $keepRatio); // HERE\\n        [...]\\n    }\\n\\n    public function resizeImageData(string $imageData, ?int $width, ?int $height, bool $keepRatio): string\\n    {\\n        try {\\n            $thumb = $this->intervention->make($imageData); // Vulnerability Here\\n        } catch (Exception $e) {\\n            throw new ImageUploadException(trans('errors.cannot_create_thumbs'));\\n        }\\n\\n        [...]\\n    }\\n}\",language:\"PHP\"})})}),/*#__PURE__*/t(\"p\",{children:[\"Finally, we have arrived at the sink, this is where we pass the base64 
encoded data that we have sent in the \",/*#__PURE__*/e(\"code\",{children:\"src\"}),\" of the \",/*#__PURE__*/e(\"code\",{children:\"img\"}),\" tags in the HTML of the book page. We know that we have absolute control of the string that is passed to this method but... what can we do with that?\"]}),/*#__PURE__*/e(\"h3\",{children:\"Exploit path\"}),/*#__PURE__*/t(\"p\",{children:[\"Remember I told you that \",/*#__PURE__*/e(\"code\",{children:\"intervention->make\"}),\" is vulnerable by default? Well, I want you to see why with your own eyes:\"]}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(r,{...t,code:\"class ImageManager\\n{\\n    public $config = [\\n        'driver' => 'gd'\\n    ];\\n\\n    public function make($data)\\n    {\\n        return $this->createDriver()->init($data);\\n    }\\n\\n    private function createDriver()\\n    {\\n        [...]\\n        if ($this->config['driver'] instanceof AbstractDriver) {\\n            return $this->config['driver'];\\n        }\\n        [...]\\n    }\\n}\",language:\"PHP\"})})}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(r,{...t,code:\"namespace Intervention\\\\Image\\\\Gd;\\n\\nclass Driver extends \\\\Intervention\\\\Image\\\\AbstractDriver\\n{\\n    [...]\\n}\",language:\"PHP\"})})}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(r,{...t,code:\"abstract class AbstractDriver\\n{\\n    /**\\n     * Decoder instance to init 
images from\\n     *\\n     * @var \\\\Intervention\\\\Image\\\\AbstractDecoder\\n     */\\n    public $decoder;\\n\\n\\n    public function init($data)\\n    {\\n        return $this->decoder->init($data);\\n    }\\n}\",language:\"PHP\"})})}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(r,{...t,code:'abstract class AbstractDecoder\\n{\\n    public function initFromUrl($url)\\n    {\\n\\n        $options = [\\n            \\'http\\' => [\\n                \\'method\\'=>\"GET\",\\n                \\'protocol_version\\'=>1.1, // force use HTTP 1.1 for service mesh environment with envoy\\n                \\'header\\'=>\"Accept-language: en\\\\r\\\\n\".\\n                \"User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36\\\\r\\\\n\"\\n          ]\\n        ];\\n\\n        $context  = stream_context_create($options);\\n\\n        // Pwned Here\\n        if ($data = @file_get_contents($url, false, $context)) {\\n            return $this->initFromBinary($data);\\n        }\\n\\n        throw new NotReadableException(\\n            \"Unable to init from given url (\".$url.\").\"\\n        );\\n    }\\n\\n    public function isUrl()\\n    {\\n        return (bool) filter_var($this->data, FILTER_VALIDATE_URL);\\n    }\\n\\n    public function init($data)\\n    {\\n        $this->data = $data;\\n\\n        switch (true) {\\n            [...]\\n            case $this->isUrl():\\n                return $this->initFromUrl($this->data);\\n            [...]\\n        }\\n    }\\n}',language:\"PHP\"})})}),/*#__PURE__*/t(\"p\",{children:[\"The \",/*#__PURE__*/e(\"code\",{children:\"make\"}),\" method can receive various types of data. 
Fortunately, it accepts URLs, which means that our input is valid.\"]}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(r,{...t,code:\"string - Path of the image in filesystem.\\nstring - URL of an image (allow_url_fopen must be enabled).\\nstring - Binary image data.\\nstring - Data-URL encoded image data.\\nstring - Base64 encoded image data.\\nresource - PHP resource of type gd. (when using GD driver)\\nobject - Imagick instance (when using Imagick driver)\\nobject - Intervention\\\\Image\\\\Image instance\\nobject - SplFileInfo instance\",language:\"PHP\"})})}),/*#__PURE__*/t(\"p\",{children:[\"Now that you have the exploit path, you can clearly see how we have gone from \",/*#__PURE__*/e(\"code\",{children:\"$this->intervention->make($imageData);\"}),\" to \",/*#__PURE__*/e(\"code\",{children:\"@file_get_contents($url, false, $context)\"}),\". We have complete control of the URL. This means we can perform SSRF attacks to interact with internal resources, etc.\"]}),/*#__PURE__*/t(\"p\",{children:[\"However, it would be great if we could escalate this. Fortunately, there is a technique to leak the contents of arbitrary files using the \",/*#__PURE__*/e(\"code\",{children:\"php://\"}),\" wrapper even if the output of the file read is not given to the user. 
This technique is called \",/*#__PURE__*/e(o,{href:\"https://www.synacktiv.com/en/publications/php-filter-chains-file-read-from-error-based-oracle\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Blind File Oracles\"})}),\" and was first discovered in DownUnderCTF 2022.\"]}),/*#__PURE__*/t(\"p\",{children:[\"In summary, with a simple modification of the script \",/*#__PURE__*/e(o,{href:\"https://github.com/synacktiv/php_filter_chains_oracle_exploit\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"php_filter_chains_oracle_exploit\"})}),\" we can use the technique to leak the content of any file on the server.\"]}),/*#__PURE__*/e(\"h2\",{children:\"Exploitation\"}),/*#__PURE__*/e(\"p\",{children:\"The above script works with urlencode-based requests. Our case is different, because the requests are sent in JSON format. So, I simply changed the encoding of the request to urlencode, and it worked. That is perfect because it greatly reduces the work and time needed to modify the script.\"}),/*#__PURE__*/t(\"p\",{children:[\"It is important to note that the exploit can be sent to either of these two endpoints in the parameter \",/*#__PURE__*/e(\"code\",{children:\"html\"}),\":\"]}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(r,{...t,code:\"/BookStack/public/ajax/page/7/save-draft\\n/BookStack/public/books/books/book/draft/7\",language:\"PHP\"})})}),/*#__PURE__*/e(\"p\",{children:\"In my case, I preferred the first endpoint. The first endpoint is a temporary save, and the second endpoint is used when we save the page as such. 
Before using the script, I recommend that you verify in Burp Suite whether the input actually reaches the sink, because it may not due to internal cache rules.\"}),/*#__PURE__*/e(\"p\",{children:\"Finally, we only have to give the script the necessary cookies, the path, the HTTP verb and the file we want to read, and wait for the result. Watch me execute the script here:\"}),/*#__PURE__*/e(\"video\",{autoPlay:!0,className:\"framer-image\",loop:!0,muted:!0,playsInline:!0,src:\"https://framerusercontent.com/assets/bFnrG9Q7K1teG2j5h5mOCYNE5I.mp4\"}),/*#__PURE__*/e(\"p\",{children:\"In the following screenshot, you can see that I got the file /etc/passwd partially leaked:\"}),/*#__PURE__*/e(\"img\",{alt:\"BookStack file leaked\",className:\"framer-image\",height:\"437\",src:\"https://framerusercontent.com/images/3XdL76kkms1uYUnaWIzxnwxJSGE.webp\",srcSet:\"https://framerusercontent.com/images/3XdL76kkms1uYUnaWIzxnwxJSGE.webp?scale-down-to=512 512w,https://framerusercontent.com/images/3XdL76kkms1uYUnaWIzxnwxJSGE.webp?scale-down-to=1024 1024w,https://framerusercontent.com/images/3XdL76kkms1uYUnaWIzxnwxJSGE.webp?scale-down-to=2048 2048w,https://framerusercontent.com/images/3XdL76kkms1uYUnaWIzxnwxJSGE.webp 3018w\",style:{aspectRatio:\"3018 / 874\"},width:\"1509\"}),/*#__PURE__*/t(\"p\",{children:[\"We assigned this vulnerability the CVE ID \",/*#__PURE__*/e(o,{href:\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6199\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"CVE-2023-6199\"})}),\" and a CVSS score of 7.1. 
Read our advisory \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/advisories/imagination/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"here\"})}),\".\"]}),/*#__PURE__*/e(\"h2\",{children:\"No fix available yet but here's a workaround\"}),/*#__PURE__*/e(\"p\",{children:\"There is currently no patch for Intervention Image addressing its vulnerability. However, if you are using this library, the best way to ensure you are not vulnerable is by never passing user data directly into the constructor. If you want to turn an upload into an image, pass the file path to the uploaded tempfile instead.\"}),/*#__PURE__*/e(\"h2\",{children:\"Conclusion\"}),/*#__PURE__*/e(\"p\",{children:\"As always, extreme curiosity leads me to delve into applications to such an extent that I discover new ways to exploit vulnerabilities or to find rather peculiar sinkholes. In this blog post, we have seen how being able to edit HTML or Markdown content can lead to more critical vulnerabilities such as an arbitrary file read (in this case), instead of the typical cross-site scripting (XSS).\"}),/*#__PURE__*/t(\"p\",{children:[\"Remember that at Fluid Attacks we offer a \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/services/continuous-hacking/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"solution\"})}),\" to search for security vulnerabilities in software continuously. Secure your applications in a \",/*#__PURE__*/e(o,{href:\"https://app.fluidattacks.com/SignUp\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"21-day free trial\"})}),\" of our automated security testing. 
You can upgrade at any time to include assessments by our \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/what-is-ethical-hacking/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"pentesters\"})}),\".\"]})]});export const richText14=/*#__PURE__*/e(i.Fragment,{children:/*#__PURE__*/e(\"p\",{children:\"Most of us know what it's like to have our flow distracted by what turns out to be a fruitless action. Devs experience this when they find out that the allegedly insecure source code they were urged to review is actually secure. But annoyance is but one negative impact of false positives. When time is at stake, to waste it is to actually lose money. Moreover, if there are constantly many alarms to take care of, there is the possibility of the security team actually neglecting real cybersecurity risks.\"})});export const richText15=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"What are false positives in cybersecurity?\"}),/*#__PURE__*/t(\"p\",{children:[\"When software products or systems are tested for security vulnerabilities, be it by a tool or hacker, ideally a report is created to inform of the findings. A \",/*#__PURE__*/e(\"strong\",{children:\"false positive\"}),\" is an erroneous report of the existence or presence of a security vulnerability. What the tool or the human perceived as a security issue, in a sector of the system it evaluated, is actually not.\"]}),/*#__PURE__*/e(\"p\",{children:\"As my editorial partner, Felipe Ruiz, put it briefly in an as of yet unpublished document:\"}),/*#__PURE__*/e(\"blockquote\",{children:/*#__PURE__*/e(\"p\",{children:'[…​] a false positive is when the doctor tells you, for example, that you have liver disease, when in fact you do not. 
Their perception of that disease is illusory, and they give you a diagnosis labeled \"positive,\" which is false, i.e., a false positive.'})}),/*#__PURE__*/t(\"p\",{children:[\"A \",/*#__PURE__*/e(\"strong\",{children:\"true positive\"}),\", on the other hand, is a correct report of the existence of a vulnerability. To provide a low rate of false positives (FPs) and a high rate of true positives are main goals for application security solutions. Still, \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/owasp-benchmark-fluid-attacks/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"it's been evidenced\"})}),\" that the performance of many —I should say, at least their tools' performance— leaves much to be desired. For example, commercial tools got an average true positive rate of 26% in their goal of finding vulnerabilities in a Java web application proposed by the Open Worldwide Application Security Project (OWASP).\"]}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(o,{href:\"https://arxiv.org/pdf/2305.16812.pdf\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Some tools may be\"})}),\" more accurate in searching for some types of vulnerabilities and not others. So, they may be used together to complement each other. But truly, organizations should stay away from having lots of tools. (\",/*#__PURE__*/e(o,{href:\"https://www.ibm.com/account/reg/us-en/signup?formid=urx-45839&utm_source=fluidattacks.com\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"A 2020 study\"})}),\" showed that organizations using more than 50 tools ranked themselves lower in their ability to detect and respond to an attack (8% and 7% lower, respectively). 
That's apart from the headache of having to orchestrate those tools.)\"]}),/*#__PURE__*/e(\"h2\",{children:\"Negative impacts of false positives\"}),/*#__PURE__*/t(\"p\",{children:[\"The main problem with false positives is that devs and the security team \",/*#__PURE__*/e(\"strong\",{children:\"waste time and effort\"}),\" looking for supposed vulnerabilities. I started this blog post referring to what this feels like. Well, in \",/*#__PURE__*/e(o,{href:\"https://stripe.com/files/reports/the-developer-coefficient.pdf\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"a 2018 survey\"})}),', \"changing priorities resulting in discarded code or time wasted\" was rated as 79/100 in having a negative impact on the personal morale of devs. That came just second to \"work overload\" (81/100). The survey included more than 1,000 developers in the U.S., the UK, France, Germany and Singapore.']}),/*#__PURE__*/t(\"p\",{children:[\"As for the time wasted in inspecting false positives, it appears that devs have not been asked directly. A report from two years ago put that question to 291 directors of firms using managed detection and response services in the U.S. The response of those in organizations of 500 to 1,499 employees was that it took them around \",/*#__PURE__*/e(\"strong\",{children:\"25 minutes\"}),\". And that was one minute more than how long it took them to investigate true positives. Respondents working at the largest companies, in turn, were the most affected, wasting about 32 minutes investigating false positives. The pattern across firms was that as much time was spent on false positives as true positives.\"]}),/*#__PURE__*/t(\"p\",{children:[\"And it's not like false positives are just rare occurrences. 
In \",/*#__PURE__*/e(o,{href:\"https://www.scmagazine.com/brief/false-positive-cloud-security-alerts-overwhelming-it-teams\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"an international study last year\"})}),\", around 60% of IT professionals said they got over 500 cloud security alerts daily. And around half of the respondents said \",/*#__PURE__*/e(\"strong\",{children:\"more than 40% of alerts were false positives\"}),\". I'm citing different studies in this section but you get the gist: false positives are wasting too big a slice of people's time.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Then, how much money is going to waste here? It's yet unsaid, it seems. However, \",/*#__PURE__*/e(o,{href:\"https://www.helpnetsecurity.com/2023/07/20/soc-analysts-tools-effectiveness/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"there's a mention\"})}),\" that the annual cost of manual alert triage is $3.3 billion in the U.S. So, possibly, an upsettingly large sum is dedicated to false alarms.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Organizations must keep investigating the alarms, though. The losses may be dramatic if they fail to detect and respond to an actual threat before criminals find and exploit it (a data breach is averaging \",/*#__PURE__*/e(o,{href:\"https://www.ibm.com/reports/data-breach\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"$4.45 million\"})}),\"). However, the alarms can be so many that the organizations can't keep up. The aforementioned 2021 study found organizations of 500 to 1,499 employees \",/*#__PURE__*/e(\"strong\",{children:\"did not address 27% of the alerts\"}),\" they received. 
And a similar percentage was reported by larger companies. Alert volume must be reduced, specifically, false positives.\"]}),/*#__PURE__*/e(\"h2\",{children:\"How to reduce the impacts of false positives\"}),/*#__PURE__*/e(\"p\",{children:\"First off, organizations should look for the security testing solutions that can provide evidence of their minimal false positive rate. On the other hand, tool vendors should improve the quality of their products' alerts. Indeed, interviews with some security operation center (SOC) practitioners have helped identify what can be changed, as they've found alerts to be \\\"unreliable, difficult to interpret, and lacking in the context needed by analysts to filter FPs from genuine alarms.\\\" Therefore, the authors of that interview study suggest that alerts should be as follows:\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Reliable:\"}),\" Come from methods that accurately find vulnerabilities and are perfected often.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Explainable:\"}),\" Offer comprehensible information as to why they raise an alarm.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Contextual:\"}),\" Take into account characteristics specific to the organization being assessed.\"]})})]}),/*#__PURE__*/e(\"h2\",{children:\"Fluid Attacks offers minimal false positive rates\"}),/*#__PURE__*/t(\"p\",{children:[\"Our \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/services/continuous-hacking/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Continuous Hacking\"})}),\" involves accurate security testing and remediation 
recommendations to help companies secure their software products. Our tool achieved a \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/owasp-benchmark-fluid-attacks/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"true positive rate of 100%\"})}),\" and a false negative rate of 0% in the OWASP Benchmark v1.2. Moreover, our flagship \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/plans/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"plan\"})}),\" includes manual reviews by our pentesters, who not only find vulnerabilities that tools can't detect but also examine the findings to discard any false positives.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Click \",/*#__PURE__*/e(o,{href:\"https://app.fluidattacks.com/SignUp\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"here\"})}),\" to sign up for a free trial of our tool.\"]})]});export const richText16=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/e(\"p\",{children:\"Ever committed to helping companies develop and deploy secure software, we share a selection of what we consider to be the most significant cyberattack and prevention trends in 2023.\"}),/*#__PURE__*/e(\"p\",{children:\"As in previous years, there were attacks based on exploiting vulnerabilities in software products. Moreover, the expression in cyberspace of wars between nations continued. On the other hand, artificial intelligence (AI) showed important progress this year, and cybercriminals took that to their advantage to enhance their attacks.\"}),/*#__PURE__*/e(\"p\",{children:\"These challenges for cybersecurity have led to protection trends throughout the development cycle of technological products. 
Such include the use of AI for good and enhancements in authentication mechanisms.\"})]});\nexport const __FramerMetadata__ = {\"exports\":{\"richText\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText13\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText5\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText7\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText8\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText10\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText15\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText1\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText2\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText3\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText16\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText9\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText11\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText6\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText4\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText14\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText12\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"__FramerMetadata__\":{\"type\":\"variable\"}}}"],"mappings":"ydACa,AADb,GAAkD,IAA4D,IAAuC,IAAwB,IAA4G,CAAa,EAAsB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,SAAS,+BAAgC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,uBAAwB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,+OAAgP,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,MAAmB,EAAE,SAAS,CAAC,SAAS,wBAAyB,EAAC,CAAC,0jBAA2jB,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,
AAS,0RAA2R,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,4EAAyF,EAAED,EAAE,CAAC,KAAK,+CAA+C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gGAAiG,EAAC,AAAC,EAAC,CAAC,8WAAkX,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,MAAM,CAAC,0BAA0B,QAAQ,sBAAsB,eAAe,6BAA6B,MAAM,0BAA0B,MAAO,EAAC,SAAS,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,sBAAsB,kBAAmB,EAAC,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAc,EAAE,SAAS,CAAC,SAAS,uBAAwB,EAAC,CAAC,uFAAwF,CAAC,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,sBAAsB,kBAAmB,EAAC,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAc,EAAE,SAAS,CAAC,SAAS,wBAAyB,EAAC,CAAC,6IAA8I,CAAC,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,sBAAsB,kBAAmB,EAAC,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAc,EAAE,SAAS,CAAC,SAAS,kBAAmB,EAAC,CAAC,iIAAkI,CAAC,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,sBAAsB,kBAAmB,EAAC,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAc,EAAE,SAAS,CAAC,SAAS,2BAA4B,EAAC,CAAC,+IAAgJ,CAAC,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,sBAAsB,kBAAmB,EAAC,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAc,EAAE,SAAS,CAAC,SAAS,kBAAmB,EAAC,CAAC,uIAAwI,CAAC,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,sBAAsB,kBAAmB,EAAC,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAc,EAAE,SAAS,CAAC,SAAS,gCAAiC,EAAC,CAAC,4HAA6H,CAAC,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,sBAAsB,kBAAmB,EAAC,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAc,EAAE,SAAS,CAAC,SAAS,gBAAiB,EAAC,CAAC,4iBAA6iB,CAAC,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,sBAAsB,kBAAmB,EAAC,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAc,EAAE,SAAS,CAAC,SAAS,kCAAmC,EAAC,CAAC,oHAAqH,CAAC,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,sBAAsB,kBAAmB,EAAC,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAc,EAAE,SAAS,CAAC,SAAS,4BAA6B,EAAC,CAAC,iYAAkY,CAAC,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,sBAAsB,kBAAmB,EAAC,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAc,EAAE,SAAS,CAAC,SAAS,kCAAmC,EAAC,CAAC,sLAAuL,CAAC,EAAC,AAAC,EAAC,AAAC,C
AAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,oGAAiH,EAAED,EAAE,CAAC,KAAK,gMAAgM,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,yBAA0B,EAAC,AAAC,EAAC,CAAC,8hBAA+hB,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,2DAA4D,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,kFAA+F,EAAED,EAAE,CAAC,KAAK,4HAA4H,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,yBAA0B,EAAC,AAAC,EAAC,CAAC,6HAA0I,EAAED,EAAE,CAAC,KAAK,gIAAgI,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,iCAAkC,EAAC,AAAC,EAAC,CAAC,iNAA8N,EAAED,EAAE,CAAC,KAAK,sIAAsI,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oBAAqB,EAAC,AAAC,EAAC,CAAC,kGAA+G,EAAED,EAAE,CAAC,KAAK,8GAA8G,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,2BAA4B,EAAC,AAAC,EAAC,CAAC,2IAAyJ,EAAED,EAAE,CAAC,KAAK,8FAA8F,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,uEAAwE,EAAC,AAAC,EAAC,CAAC,uNAAqO,EAAED,EAAE,CAAC,KAAK,kJAAkJ,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,8BAA+B,EAAC,AAAC,EAAC,CAAC,oQAAqQ,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,sHAAmI,EAAED,EAAE,CAAC,KAAK,sDAAsD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,sBAAuB,EAAC,AAAC,EAAC,CAAC,6VAA8V,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,2BAA4B,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,yMAAsN,EAAED,EAAE,CAAC,KAAK,oHAAoH,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,wBAAyB,EAAC,AAAC,EAAC,CAAC,8GAA2H,EAAED,EAAE,CAAC,KAAK,+CAA+C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,+BAAgC,EAAC,AAAC,EAAC,CAAC,2QAA4Q,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,4EAAyF,EAAED,EAAE,CAAC,KAAK,wDAAwD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oB
AAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oBAAqB,EAAC,AAAC,EAAC,CAAC,yhBAAsiB,EAAED,EAAE,CAAC,KAAK,sCAAsC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,2BAA4B,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAwB,EAAA,EAAa,CAAC,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAC,8JAA2K,EAAED,EAAE,CAAC,KAAK,8FAA8F,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,eAAgB,EAAC,AAAC,EAAC,CAAC,4bAAyc,EAAED,EAAE,CAAC,KAAK,0JAA0J,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,SAAU,EAAC,AAAC,EAAC,CAAC,qJAAkK,EAAED,EAAE,CAAC,KAAK,2DAA2D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gBAAiB,EAAC,AAAC,EAAC,CAAC,iGAAkG,CAAC,EAAC,AAAC,EAAC,CAAc,EAAwB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,SAAS,oCAAqC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,6BAA8B,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,yBAAsC,EAAED,EAAE,CAAC,KAAK,2DAA2D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,CAAC,seAAwe,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,iEAAkE,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,wVAAqW,EAAED,EAAE,CAAC,KAAK,kFAAkF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,WAAY,EAAC,AAAC,EAAC,CAAC,gsBAA6sB,EAAED,EAAE,CAAC,KAAK,8FAA8F,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,wBAAyB,EAAC,AAAC,EAAC,CAAC,iEAAkE,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,uCAAoD,EAAED,EAAE,CAAC,KAAK,2DAA2D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,CAAC,scAAuc,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,skBAAukB,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,YAAa,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,+FAA4G,EAAED,EAAE,CAAC,KAAK,+EAA+E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,eAAgB,EA
AC,AAAC,EAAC,CAAC,iBAA8B,EAAED,EAAE,CAAC,KAAK,gEAAgE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,eAAgB,EAAC,AAAC,EAAC,CAAC,gJAAiJ,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAc,EAAED,EAAE,CAAC,KAAK,gEAAgE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,SAAU,EAAC,AAAC,EAAC,CAAC,uKAAoL,EAAED,EAAE,CAAC,KAAK,sEAAsE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gCAAiC,EAAC,AAAC,EAAC,CAAC,qKAAkL,EAAED,EAAE,CAAC,KAAK,iHAAiH,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,wBAAyB,EAAC,AAAC,EAAC,CAAC,oKAAqK,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,sHAAmI,EAAED,EAAE,CAAC,KAAK,+GAA+G,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,uBAAwB,EAAC,AAAC,EAAC,CAAC,oEAAqE,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,+CAAgD,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,sBAAuB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,8GAA2H,EAAED,EAAE,CAAC,KAAK,2DAA2D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,2BAA4B,EAAC,AAAC,EAAC,CAAC,iMAAkM,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,kLAA+L,EAAED,EAAE,CAAC,KAAK,+DAA+D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oCAAqC,EAAC,AAAC,EAAC,CAAC,uLAAwL,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,6FAA8F,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,sDAAuD,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,8CAA+C,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,2HAA4H,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,yJAA0J,EAAC,AAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,0CAA2C,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAc,EAAED,EAAE,CAAC,KAAK,qDAAqD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,o
BAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,yBAA0B,EAAC,AAAC,EAAC,CAAC,4NAA6N,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,2JAA4J,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,uKAAwK,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,+KAAgL,EAAC,AAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,yPAAsQ,EAAED,EAAE,CAAC,KAAK,0GAA0G,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,uDAAwD,EAAC,AAAC,EAAC,CAAC,iCAA8C,EAAED,EAAE,CAAC,KAAK,wHAAwH,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,+BAAgC,EAAC,AAAC,EAAC,CAAC,6HAA8H,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,4TAAyU,EAAED,EAAE,CAAC,KAAK,4HAA4H,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,yBAA0B,EAAC,AAAC,EAAC,CAAC,mIAAgJ,EAAED,EAAE,CAAC,KAAK,2GAA2G,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,qBAAsB,EAAC,AAAC,EAAC,CAAC,oFAAqF,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,gCAAiC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,oBAAiC,EAAED,EAAE,CAAC,KAAK,gEAAgE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gCAAiC,EAAC,AAAC,EAAC,CAAC,gBAA6B,EAAED,EAAE,CAAC,KAAK,2DAA2D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,CAAC,iMAA8M,EAAED,EAAE,CAAC,KAAK,oIAAoI,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,sBAAuB,EAAC,AAAC,EAAC,CAAC,oHAAqH,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,gWAAiW,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,sCAAuC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,kCAA+C,EAAED,EAAE,CAAC,KAAK,gMAAgM,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,+BAAgC,EAAC,AAAC,EAAC,CAAC,wVAAqW,EAAED,EAAE,CAAC,KAAK,2DAA2D,aAAa,EAAE,OAAO,YAAY,cAAc,
EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,CAAC,kCAAmC,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,qwBAAoxB,EAAED,EAAE,CAAC,KAAK,gEAAgE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,qBAAsB,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,2CAA4C,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,geAA6e,EAAED,EAAE,CAAC,KAAK,sCAAsC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,CAAC,0GAAuH,EAAED,EAAE,CAAC,KAAK,0CAA0C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAwB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,IAAI,CAAC,SAAS,+RAAgS,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,4NAA6N,EAAC,AAAC,CAAC,EAAC,CAAc,EAAwB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,SAAS,eAAgB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,uMAAoN,EAAED,EAAE,CAAC,KAAK,6CAA6C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,WAAY,EAAC,AAAC,EAAC,CAAC,6DAA8D,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,uKAAwK,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,qBAAsB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,6KAA8K,EAAC,CAAc,EAAE,QAAQ,CAAC,UAAU,EAAE,UAAU,eAAe,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,sEAAuE,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,sCAAuC,EAAC,CAAc,EAAE,MAAM,CAAC,IAAI,oBAAoB,UAAU,eAAe,OAAO,MAAM,IAAI,wEAAwE,OAAO,yWAAyW,MAAM,CAAC,YAAY,aAAc,EAAC,MAAM,MAAO,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,+EAAgF,EAAC,CAAc,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAO,EAAC,SAAsB,EAAEC,EAAE,CAAC,oBAAoB,wEAAwE,SAAS,GAAgB,EAAEC,EAAE,CAAC,GAAG,EAAE,KAAK;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAAyxD,SAAS,KAAM,EAAC,AAAC,EAAC,AAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,iNAA8N,EAAE,OAAO,CAAC,SAAS,iBAAkB,EAAC,CAAC,qBAAsB,CAAC,EAAC,CAAc,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAO,EAAC,SAAsB,EAAED,EAAE,CAAC,oBAAoB,wEAAwE,SAAS,GAAgB,EAAEC,EAAE,CAAC,GAAG,EAAE,KAAK;
;;;;;;;GAAuX,SAAS,KAAM,EAAC,AAAC,EAAC,AAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,sDAAmE,EAAE,OAAO,CAAC,SAAS,+BAAgC,EAAC,CAAC,yBAA0B,CAAC,EAAC,CAAc,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAO,EAAC,SAAsB,EAAED,EAAE,CAAC,oBAAoB,wEAAwE,SAAS,GAAgB,EAAEC,EAAE,CAAC,GAAG,EAAE,KAAK;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAA+/C,SAAS,KAAM,EAAC,AAAC,EAAC,AAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,gHAA6H,EAAE,OAAO,CAAC,SAAS,KAAM,EAAC,CAAC,WAAwB,EAAE,OAAO,CAAC,SAAS,KAAM,EAAC,CAAC,wJAAyJ,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,cAAe,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,4BAAyC,EAAE,OAAO,CAAC,SAAS,oBAAqB,EAAC,CAAC,4EAA6E,CAAC,EAAC,CAAc,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAO,EAAC,SAAsB,EAAED,EAAE,CAAC,oBAAoB,wEAAwE,SAAS,GAAgB,EAAEC,EAAE,CAAC,GAAG,EAAE,KAAK;;;;;;;;;;;;;;;;;;;GAAuY,SAAS,KAAM,EAAC,AAAC,EAAC,AAAC,EAAC,CAAc,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAO,EAAC,SAAsB,EAAED,EAAE,CAAC,oBAAoB,wEAAwE,SAAS,GAAgB,EAAEC,EAAE,CAAC,GAAG,EAAE,KAAK;;;;;GAAoH,SAAS,KAAM,EAAC,AAAC,EAAC,AAAC,EAAC,CAAc,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAO,EAAC,SAAsB,EAAED,EAAE,CAAC,oBAAoB,wEAAwE,SAAS,GAAgB,EAAEC,EAAE,CAAC,GAAG,EAAE,KAAK;;;;;;;;;;;;;;GAAuR,SAAS,KAAM,EAAC,AAAC,EAAC,AAAC,EAAC,CAAc,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAO,EAAC,SAAsB,EAAED,EAAE,CAAC,oBAAoB,wEAAwE,SAAS,GAAgB,EAAEC,EAAE,CAAC,GAAG,EAAE,KAAK;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAAmqC,SAAS,KAAM,EAAC,AAAC,EAAC,AAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,OAAoB,EAAE,OAAO,CAAC,SAAS,MAAO,EAAC,CAAC,mHAAoH,CAAC,EAAC,CAAc,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAO,EAAC,SAAsB,EAAED,EAAE,CAAC,oBAAoB,wEAAwE,SAAS,GAAgB,EAAEC,EAAE,CAAC,GAAG,EAAE,KAAK;;;;;;;;+BAAkZ,SAAS,KAAM,EAAC,AAAC,EAAC,AAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,iFAA8F,EAAE,OAAO,CAAC,SAAS,wCAAyC,EAAC,CAAC,OAAoB,EAAE,OAAO,CAAC,SAAS,2CAA4C,EAAC,CAAC,yHAA0H,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,+IAA4J,EAAE,OAAO,CAAC,SAAS,QAAS,EAAC,CAAC,mGAAgH,EAAEH,EAAE,CAAC,KAAK,gGAAgG,aAAa,EAAE,OAAO,YAAY,cAAc,EAA
E,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oBAAqB,EAAC,AAAC,EAAC,CAAC,iDAAkD,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,yDAAsE,EAAED,EAAE,CAAC,KAAK,gEAAgE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,kCAAmC,EAAC,AAAC,EAAC,CAAC,4EAA6E,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,cAAe,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,oSAAqS,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,0GAAuH,EAAE,OAAO,CAAC,SAAS,MAAO,EAAC,CAAC,GAAI,CAAC,EAAC,CAAc,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAO,EAAC,SAAsB,EAAEC,EAAE,CAAC,oBAAoB,wEAAwE,SAAS,GAAgB,EAAEC,EAAE,CAAC,GAAG,EAAE,KAAK;4CAAuF,SAAS,KAAM,EAAC,AAAC,EAAC,AAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,gUAAiU,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,oLAAqL,EAAC,CAAc,EAAE,QAAQ,CAAC,UAAU,EAAE,UAAU,eAAe,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,qEAAsE,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,4FAA6F,EAAC,CAAc,EAAE,MAAM,CAAC,IAAI,wBAAwB,UAAU,eAAe,OAAO,MAAM,IAAI,wEAAwE,OAAO,yWAAyW,MAAM,CAAC,YAAY,YAAa,EAAC,MAAM,MAAO,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,6CAA0D,EAAEH,EAAE,CAAC,KAAK,+DAA+D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,eAAgB,EAAC,AAAC,EAAC,CAAC,+CAA4D,EAAED,EAAE,CAAC,KAAK,mDAAmD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,MAAO,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,8CAA+C,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,uUAAwU,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,YAAa,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,0YAA2Y,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,6CAA0D,EAAED,EAAE,CAAC,KAAK,wDAAwD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,UAAW,EAAC,AAAC,EAAC,CAAC,mGAAgH,EAAED,EAAE,CAAC,KAAK,sCAAsC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,mBAAoB,EAAC,AAAC,EAAC,CAAC,iGAA8G,EAAED,EAAE,CAAC,KAAK,yDAAyD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,CAA
C,GAAI,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAwB,EAAA,EAAa,CAAC,SAAsB,EAAE,IAAI,CAAC,SAAS,4fAA6f,EAAC,AAAC,EAAC,CAAc,EAAwB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,SAAS,4CAA6C,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,kKAA+K,EAAE,SAAS,CAAC,SAAS,gBAAiB,EAAC,CAAC,sMAAuM,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,4FAA6F,EAAC,CAAc,EAAE,aAAa,CAAC,SAAsB,EAAE,IAAI,CAAC,SAAS,gQAAiQ,EAAC,AAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,KAAkB,EAAE,SAAS,CAAC,SAAS,eAAgB,EAAC,CAAC,4NAAyO,EAAED,EAAE,CAAC,KAAK,+DAA+D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,qBAAsB,EAAC,AAAC,EAAC,CAAC,2TAA4T,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAc,EAAED,EAAE,CAAC,KAAK,uCAAuC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,mBAAoB,EAAC,AAAC,EAAC,CAAC,+MAA4N,EAAED,EAAE,CAAC,KAAK,4FAA4F,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,cAAe,EAAC,AAAC,EAAC,CAAC,wOAAyO,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,qCAAsC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,4EAAyF,EAAE,SAAS,CAAC,SAAS,uBAAwB,EAAC,CAAC,8GAA2H,EAAED,EAAE,CAAC,KAAK,iEAAiE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,eAAgB,EAAC,AAAC,EAAC,CAAC,0SAA2S,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,mUAAgV,EAAE,SAAS,CAAC,SAAS,YAAa,EAAC,CAAC,gUAAiU,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,mEAAgF,EAAED,EAAE,CAAC,KAAK,8FAA8F,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,kCAAmC,EAAC,AAAC,EAAC,CAAC,gIAA6I,EAAE,SAAS,CAAC,SAAS,8CAA+C,EAAC,CAAC,oIAAqI,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,oFAAiG,EAAED,EAAE,CAAC,KAAK,+EAA+E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,mBAAoB,EAAC,AAAC,EAAC,CAAC,6IAA8I,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,kNAA+N,EAAED,EAAE,CAAC,KAAK,0CAA0C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,eAAgB,EAAC,AAAC,EAA
C,CAAC,2JAAwK,EAAE,SAAS,CAAC,SAAS,mCAAoC,EAAC,CAAC,yIAA0I,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,8CAA+C,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,kkBAAqkB,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAc,EAAE,SAAS,CAAC,SAAS,WAAY,EAAC,CAAC,kFAAmF,CAAC,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAc,EAAE,SAAS,CAAC,SAAS,cAAe,EAAC,CAAC,kEAAmE,CAAC,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAc,EAAE,SAAS,CAAC,SAAS,aAAc,EAAC,CAAC,iFAAkF,CAAC,EAAC,AAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,mDAAoD,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,OAAoB,EAAED,EAAE,CAAC,KAAK,wDAAwD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oBAAqB,EAAC,AAAC,EAAC,CAAC,6IAA0J,EAAED,EAAE,CAAC,KAAK,+DAA+D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,4BAA6B,EAAC,AAAC,EAAC,CAAC,wFAAqG,EAAED,EAAE,CAAC,KAAK,kCAAkC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,MAAO,EAAC,AAAC,EAAC,CAAC,qKAAsK,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,SAAsB,EAAED,EAAE,CAAC,KAAK,sCAAsC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,MAAO,EAAC,AAAC,EAAC,CAAC,2CAA4C,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAwB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,IAAI,CAAC,SAAS,wLAAyL,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,6UAA8U,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,iNAAkN,EAAC,AAAC,CAAC,EAAC,CAC9yqI,EAAqB,CAAC,QAAU,CAAC,SAAW,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,UAA
Y,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,mBAAqB,CAAC,KAAO,UAAW,CAAC,CAAC"}